Vulnerability DatabaseCVE-2026-22206

CVE-2026-22206:
Linux Debian vulnerability analysis and mitigation

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote code execution on the server.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

8.7

Score

Published February 26, 2026

Severity HIGH

CNA Score 8.7

Affected Technologies

Linux Debian
Echo

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 44.4

Exploitation Probability (EPSS) 0.2

Affected packages and libraries

spip

Sources

NVD
Debian Security Tracker
- Debian 11 Severity HIGHNo FixAdded at: Mar 02, 2026
- Debian 13, 14 Severity HIGHHas FixAdded at: Mar 02, 2026
Echo
- Echo Severity HIGHHas FixAdded at: Mar 02, 2026

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Linux Debian vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-41445	HIGH	8.7	Linux Debian	kissfft	No	No	Apr 20, 2026
CVE-2026-28684	MEDIUM	6.6	Linux Debian	python-dotenv	No	No	Apr 20, 2026
CVE-2026-6654	MEDIUM	5.1	Rust	thin-vec	No	Yes	Apr 20, 2026
CVE-2026-3219	MEDIUM	4.6	Linux Debian	python-pip	No	No	Apr 20, 2026
CVE-2026-5958	LOW	2.1	Linux Debian	sed	No	No	Apr 20, 2026