CVE-2026-8429

HIGH WAF: Medium

CVSS 8.8 Published: 2026-05-12

CWE-94

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections.

WAF Coverage Analysis

Code Injection Medium WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution 933xxx - PHP Injection 934xxx - Node.js / Generic Injection

References

blog.spip.net
www.vulncheck.com

Back to CVE Database