CVE-2026-33549 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.7 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
mitre	CNA	6.7 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
spip	spip	4.4.10 ≤ 𝑥 < 4.4.13

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

spip

bullseye	vulnerable
bullseye (security)	vulnerable
forky	4.4.13+dfsg-1 fixed
sid	4.4.13+dfsg-1 fixed
trixie	vulnerable
trixie (security)	4.4.13+dfsg-0+deb13u1 fixed

Ubuntu Releases

Ubuntu Product

Codename

spip

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
questing	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-688 - Function Call With Incorrect Variable or Reference as Argument
The software calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.

References

https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-13.html?lang=fr

https://git.spip.net/spip/prive/-/commit/b8481a7feb00f301f0ff7d5ce2aad8a772d92c2e

https://git.spip.net/spip/prive/-/merge_requests/131