Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-z9p6-8xa9-dfgv
Vulnerability ID VCID-z9p6-8xa9-dfgv
Aliases CVE-2022-26847
Summary Exposure of Sensitive Information to an Unauthorized Actor SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2022-26847
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-26847
https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html
https://lists.debian.org/debian-security-announce/2022/msg00060.html
CVE-2022-26847 https://nvd.nist.gov/vuln/detail/CVE-2022-26847
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.61128
EPSS Score 0.00403
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:57:20.864381+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/spip/spip/CVE-2022-26847.yml 38.6.0