Remote Code Execution Vulnerability in SPIP Affected by Nginx Configurations
CVE-2026-8430

9.2CRITICAL

Key Information:

Vendor: Spip
Status: Spip
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-8430?

SPIP versions before 4.4.14 are susceptible to a remote code execution vulnerability attributable to specific nginx configuration setups. This flaw enables malicious actors to execute arbitrary code within the web server's context, effectively bypassing the built-in security measures from SPIP. The exploitation of this vulnerability hinges on particular nginx configurations, raising significant concerns regarding web server integrity and data safety.

Affected Version(s)

SPIP 0 < 4.4.14

References

https://blog.spip.net/

vendor-advisory

https://www.vulncheck.com/advisories/spip-prior-to-remote...

third-party-advisory

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 12, 2026

Credit

Louka Jacques-Chevallier

CVE-2026-8430 Data

JSON

Spip

What is CVE-2026-8430?

Affected Version(s)

References

CVSS V4

Timeline

Credit