CVE-2026-27744

Source
https://cve.org/CVERecord?id=CVE-2026-27744
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27744.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-27744
Published
2026-02-25T03:08:24.714Z
Modified
2026-07-15T01:49:18.447894838Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
SPIP tickets < 4.3.3 Unauthenticated RCE
Details

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment rendering (#ENV**), which disables SPIP output filtering. As a result, an unauthenticated attacker can inject crafted content that is evaluated through SPIP's template processing chain, leading to execution of code in the context of the web server.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27744.json",
    "cwe_ids": [
        "CWE-94"
    ],
    "cna_assigner": "VulnCheck"
}
References

Affected packages

Git / git.spip.net/spip-contrib-extensions/tickets

Affected ranges

Type
GIT
Repo
https://git.spip.net/spip-contrib-extensions/tickets
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
869935b6687822ed79ad5477626a664d8ea6dcf7
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.3.3"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

4.*
4.3.0
v4.*
v4.1.11
v4.1.12
v4.1.5
v4.1.6
v4.1.8
v4.1.9
v4.2.0
v4.2.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27744.json"