CVE-2026-27745 - SPIP interface_traduction_objets - Remote Code Execution

Overview

SPIP interface_traduction_objets plugin < 4.3.3 contains an authenticated remote code execution caused by untrusted request data in hidden form fields rendered without output filtering, letting authenticated editors execute code via template processing.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 13.8%(Probability of exploitation in next 30 days)

Impact

Authenticated attackers with editor privileges can execute arbitrary code on the web server, potentially compromising the entire system.

Mitigation

Upgrade to version 4.3.3 or later.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Feb 25, 2026

🟠 CVE-2026-27745 - High (8.8) The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that i... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27745/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Feb 25, 2026

🟠 CVE-2026-27745 - High (8.8) The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that i... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27745/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

CVE-2026-27745 - Vulnerability Analysis

Overview

Severity & Score

Impact

Mitigation

References

Social Media Activity(2 posts)

Related Resources

Details

CWE

CVSS Metrics

EPSS Score