CVE-2026-8429HIGH 8.8EPSS p38.9%

CVE-2026-8429CVE-2026-8429

Description

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.50% probability of exploitation · percentile 38.9% · 2026-06-19T12:03:05Z
Published2026-05-12
Last modified2026-05-13

Underlying weaknesses· 1

CWE-94

References

  1. https://blog.spip.net/
  2. https://www.vulncheck.com/advisories/spip-prior-to-remote-code-execution-via-private-space

1

TypeTargetConfidenceTier
WeaknessImproper Control of Generation of Code ('Code Injection')cwe-940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-8430
CVE
CVE-2026-22206
CVE
CVE-2026-27744
CVE
CVE-2025-71243
CVE
CVE-2025-48742
CVE
CVE-2026-27745
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.