Primary

Context

SPIP Authentication Bypass Vulnerability Allowing Access to Protected Information

Vulnerability

Patched

An authentication bypass vulnerability has been identified in SPIP versions prior to 4.4.10. This vulnerability arises from PHP type juggling, which enables unauthenticated attackers to bypass login verification and access sensitive internal data. The issue is exploited by taking advantage of loose type comparisons in the authentication process.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized access to protected information.

Remediation

Users are advised to update to SPIP version 4.4.10 or later. The update can be performed using the SPIP Loader or by downloading the latest version from the SPIP website.

Added: Feb 26, 2026, 9:34 PM

Updated: Feb 26, 2026, 9:34 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

8.9

remediation

7.7

relevance

3.2

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

8.9

remediation

7.7

relevance

3.2

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SPIP Authentication Bypass Vulnerability Allowing Access to Protected Information

Vulnerability

Impact

Remediation

Affected Products

SPIP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating