SPIP Authorization Bypass Vulnerability Allowing Unauthorized Content Disclosure

Vulnerability

A vulnerability in SPIP versions prior to 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The issue arises because the application fails to properly validate authorization when displaying article and section content in AJAX-loaded fragments. This oversight enables an authenticated attacker to access restricted content. Notably, the SPIP security screen does not mitigate this vulnerability.

Impact

Exploitation of this vulnerability leads to unauthorized access to restricted content in the private area of the application.

Remediation

Users are advised to update to SPIP versions 4.3.6, 4.2.17, or 4.1.20.

Added: Feb 19, 2026, 6:35 PM
Updated: Feb 19, 2026, 6:35 PM

Vulnerability Rating

Custom Algorithm (score per category)

spread          3.4
impact          0.6
exploitability  6.1
remediation     7.7
relevance       3.1
threat          3.2
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.