PT-2026-40349 · Spip · Spip

Louka Jacques-Chevallier · Published 2026-05-12 · Updated 2026-05-12 · CVE-2026-8430

CVSS v4.0

9.2 Critical

Vector

AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

SPIP versions prior to 4.4.14

Description

A remote code execution flaw exists in the public space, allowing attackers to execute arbitrary code within the web server context. This issue is limited to specific nginx configurations and is not mitigated by the SPIP security screen.

Recommendations

Update to version 4.4.14 or later.

Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-8430

Affected Products

Spip