CVE-2026-8430HIGH 8.1EPSS p34.6%

CVE-2026-8430CVE-2026-8430

Description

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx configuration scenarios to achieve code execution, and this issue is not mitigated by the SPIP security screen.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.43% probability of exploitation · percentile 34.6% · 2026-06-19T12:03:05Z
Published2026-05-12
Last modified2026-05-13

Underlying weaknesses· 1

CWE-94

References

  1. https://blog.spip.net/
  2. https://www.vulncheck.com/advisories/spip-prior-to-remote-code-execution-via-nginx

1

TypeTargetConfidenceTier
WeaknessImproper Control of Generation of Code ('Code Injection')cwe-940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-8429
CVE
CVE-2026-22206
CVE
CVE-2026-27744
CVE
CVE-2026-27745
CVE
CVE-2025-71243
CVE
CVE-2025-48742
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.