← Volver a CVEs

CVE-2026-27744

CRITICAL

9.8

Descripcion

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment rendering (#ENV**), which disables SPIP output filtering. As a result, an unauthenticated attacker can inject crafted content that is evaluated through SPIP's template processing chain, leading to execution of code in the context of the web server.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado2/25/2026

Ultima modificacion2/27/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

spip:tickets

Debilidades (CWE)

CWE-94

Referencias

https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-10.html(disclosure@vulncheck.com)

https://chocapikk.com/posts/2026/spip-plugins-vulnerabilities/(disclosure@vulncheck.com)

https://git.spip.net/spip-contrib-extensions/tickets/-/commit/869935b6687822ed79ad5477626a664d8ea6dcf7(disclosure@vulncheck.com)

https://plugins.spip.net/tickets(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/spip-tickets-unauthenticated-rce(disclosure@vulncheck.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.