CVE-2026-33549

Published: Mar 22, 2026

Modified: Apr 2, 2026

PUBLISHED

CVSS v3.1

6.7

MEDIUM

Description

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an author data structure because of STATUT mishandling.

Vendor	Product	Versions
SPIP	SPIP	affected `4.4.10 - < 4.4.13`

Weaknesses (CWE)

CWE-688

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

References

https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-13.html?lang=fr

https://git.spip.net/spip/prive/-/merge_requests/131

https://git.spip.net/spip/prive/-/commit/b8481a7feb00f301f0ff7d5ce2aad8a772d92c2e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-33549

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References