UBUNTU-CVE-2026-8429

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-8429

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8429.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-8429

Upstream

CVE-2026-8429

Published

2026-05-12T19:16:00Z

Modified

2026-05-20T22:03:09.830542342Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections.

References

Affected packages

Ubuntu:22.04:LTS

spip

Package

Name: spip
Purl: pkg:deb/ubuntu/spip?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.11-3

3.2.12-1

4.*

4.0.2-1

4.0.4-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "spip",
            "binary_version": "4.0.4-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8429.json"

Ubuntu:24.04:LTS

spip

Package

Name: spip
Purl: pkg:deb/ubuntu/spip?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.1.11+dfsg-1

4.1.12+dfsg-1

4.1.13+dfsg-1

4.1.15+dfsg-1

4.2.9+dfsg-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "spip",
            "binary_version": "4.2.9+dfsg-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8429.json"

Ubuntu:25.10

spip

Package

Name: spip
Purl: pkg:deb/ubuntu/spip?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.8+dfsg-1

4.4.3+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "spip",
            "binary_version": "4.4.3+dfsg-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8429.json"

Ubuntu:26.04:LTS

spip

Package

Name: spip
Purl: pkg:deb/ubuntu/spip?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.3+dfsg-1

4.4.6+dfsg-1

4.4.7+dfsg-1

4.4.8+dfsg-1

4.4.9+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "spip",
            "binary_version": "4.4.9+dfsg-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8429.json"

Ubuntu:Pro:16.04:LTS

spip

Package

Name: spip
Purl: pkg:deb/ubuntu/spip?arch=source&distro=esm-apps%2Fxenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.20-1

3.0.21-1

3.0.21-1ubuntu1

3.0.21-1ubuntu1+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "spip",
            "binary_version": "3.0.21-1ubuntu1+esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8429.json"

Ubuntu:Pro:18.04:LTS

spip

Package

Name: spip
Purl: pkg:deb/ubuntu/spip?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.4-3

3.1.4-4~deb9u3build0.18.04.1

3.1.4-4~deb9u5build0.18.04.1

3.1.4-4~deb9u5ubuntu0.1~esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "spip",
            "binary_version": "3.1.4-4~deb9u5ubuntu0.1~esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8429.json"

Ubuntu:Pro:20.04:LTS

spip

Package

Name: spip
Purl: pkg:deb/ubuntu/spip?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.4-1

3.2.5-1

3.2.7-1

3.2.7-1ubuntu0.1

3.2.7-1ubuntu0.1+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "spip",
            "binary_version": "3.2.7-1ubuntu0.1+esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8429.json"