CVE-2026-22205

High

Description

SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive internal data.

References

https://www.vulncheck.com/advisories/spip-sql-injection-rce-via-union-php-tags

https://git.spip.net/spip/spip

https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-10.html

Details

Source: Mitre, NVD

Published: 2026-02-26

Updated: 2026-03-02

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: High