CVE-2026-33549 · HIGH 8.8 · EPSS p14.8%

Description

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an author data structure because of STATUT mishandling.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.24% probability of exploitation · percentile 14.8% · 2026-06-19T12:03:05Z
Published: 2026-03-22
Last modified: 2026-04-17

Underlying weaknesses · 1

CWE-688

References

  1. https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-13.html?lang=fr
  2. https://git.spip.net/spip/prive/-/commit/b8481a7feb00f301f0ff7d5ce2aad8a772d92c2e
  3. https://git.spip.net/spip/prive/-/merge_requests/131

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Function Call With Incorrect Variable or Reference as Argument (cwe-688) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE-2026-22206
  - CVE-2026-3999
  - CVE-2026-8429
  - CVE-2026-48904
  - CVE-2026-48899
  - CVE-2026-48898

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.