8.7
SPIP versions before 4.4.10: Unauthenticated access to sensitive data
CVE-2026-22205
Summary
Certain versions of SPIP have a security flaw that makes it possible for unauthorized users to access sensitive information. This could lead to internal data being exposed. Update to version 4.4.10 or later to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| spip | spip | <= 4.4.10 | – |
Original title
SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit...
Original description
SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive internal data.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-288
Authentication Bypass Using Alternate Path
- https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-10.html Release Notes
- https://git.spip.net/spip/spip Product
- https://www.vulncheck.com/advisories/spip-sql-injection-rce-via-union-php-tags Third Party Advisory
Published: 26 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026