cvedb.io
CVE-2026-22205
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-02-26T21:28:52.217 · Last modified 2026-06-17T10:19:32.743

Summary

SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive internal data.

Affected products

spip — spip

Does this affect you?

Add your gear to cvedb and we'll alert you only when spip ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.