Description
SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections.
References (2)
Vendor Advisory: https://blog.spip.net/
Third Party Advisory: https://www.vulncheck.com/advisories/spip-prior-to-remote-code-execution-via-private-space
Scores
CVSS v3: 8.8
EPSS: 0.0050
EPSS Percentile: 38.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-94
Status: published
Products (1): SPIP/SPIP < 4.4.14
Published: May 12, 2026
Tracked Since: May 13, 2026