CVE-2026-22205
SPIP before 4.4.10 contains an authentication bypass caused by PHP type juggling in the login logic, enabling unauthenticated access to protected data. The issue stems from loose type comparisons in authentication (no credentials or user interaction required). CVSSv4 metrics indicate network acce...