Primary

Context

SPIP Remote Code Execution Vulnerability in Private Space

Vulnerability

Patched

A remote code execution vulnerability has been identified in SPIP versions prior to 4.4.14. This vulnerability allows attackers to execute arbitrary code on the web server, bypassing SPIP's security protections. The issue is present in the private space of the application.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where SPIP is hosted.

Remediation

Users are advised to update to SPIP version 4.4.14 or later.

Added: May 12, 2026, 9:07 PM

Updated: May 12, 2026, 9:07 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

10.0

exploitability

5.4

remediation

7.7

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

10.0

exploitability

5.4

remediation

7.7

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SPIP Remote Code Execution Vulnerability in Private Space

Vulnerability

Impact

Remediation

Affected Products

SPIP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating