Open Redirect Vulnerability in SPIP Affected by Ecrire Module
CVE-2026-48832

3.5LOW

Key Information:

Vendor: Spip
Status: Spip
Vendor: CVE Published:; 24 May 2026

What is CVE-2026-48832?

The Ecrire module in SPIP, prior to version 4.4.15, is susceptible to an open redirect issue via the action/cookie.php file. This vulnerability allows attackers to manipulate URLs, potentially redirecting users to malicious sites without their consent. Proper patching in the latest version is critical to safeguard users from phishing attacks and unauthorized access.

Affected Version(s)

SPIP 0 < 4.4.15

References

https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-S...

https://git.spip.net/spip/spip/-/commit/75629034697ab52a9...

https://git.spip.net/spip/ecrire/-/commit/a22cb8a56f1e37f...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 24, 2026
Vulnerability Reserved
May 24, 2026

CVE-2026-48832 Data

JSON

Spip

What is CVE-2026-48832?

Affected Version(s)

References

CVSS V3.1

Timeline