CVE-2026-22206 - Vulnerability Analysis

Overview

SPIP < 4.4.10 contains a sql injection caused by union-based injection techniques in SQL queries, letting authenticated low-privilege users execute arbitrary SQL queries and potentially achieve remote code execution, exploit requires authentication.

Severity & Score

Impact

Authenticated low-privilege users can execute arbitrary SQL queries and potentially achieve remote code execution on the server.

Mitigation

Update to version 4.4.10 or later.

References

• https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-10.html
• https://git.spip.net/spip/spip
• https://www.vulncheck.com/advisories/spip-sql-injection-rce-via-union-php-tags

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 28, 2026

🟠 CVE-2026-22206 - High (8.8) SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw comb... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22206/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner