Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-zsf8-t31k-27e9
Vulnerability ID VCID-zsf8-t31k-27e9
Aliases CVE-2022-26846
Summary Code Injection SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 0.1
Risk 0.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.05798 https://api.first.org/data/v1/epss?cve=CVE-2022-26846
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-26846
https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html
https://lists.debian.org/debian-security-announce/2022/msg00060.html
CVE-2022-26846 https://nvd.nist.gov/vuln/detail/CVE-2022-26846
USN-5482-1 https://usn.ubuntu.com/5482-1/
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.90645
EPSS Score 0.05798
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:57:20.662848+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/spip/spip/CVE-2022-26846.yml 38.6.0