anonhaven
Ad

CVE-2026-22205

HIGH CVSS 4.0: 8.7 EPSS 0.32%
Updated Feb 27, 2026
PHP
Parameter Value
CVSS 8.7 (HIGH)
Affected Versions before 4.4.10
Type CWE-288 (Authentication Bypass Using Alternate Path)
Vendor PHP
Public PoC No

SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive internal data.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-288 Authentication Bypass Using Alternate Path

References 3

https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-10.html
disclosure@vulncheck.com
https://git.spip.net/spip/spip
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/spip-sql-injection-rce-via-union-php-tags
disclosure@vulncheck.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-6409

PHP

7.1

CVE-2026-37347

PHP

9.1

CVE-2026-37346

PHP

4.7

CVE-2026-37345

PHP

9.8

CVE-2026-37344

PHP

7.2