VYPR
Unrated severityNVD Advisory· Published Feb 26, 2026· Updated Mar 5, 2026

SPIP < 4.4.10 Authentication Bypass via PHP Type Juggling

CVE-2026-22205

Description

SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive internal data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Spip/Spipllm-fuzzy2 versions
    <4.4.10+ 1 more
    • (no CPE)range: <4.4.10
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.