Is there a patch available for EUVD-2026-29748?

Yes, a patch is available for EUVD-2026-29748. Update the affected software to the latest version immediately.

Nginx EUVD-2026-29748

Q: What is the CVSS score of EUVD-2026-29748?

EUVD-2026-29748 has a CVSS 4.0 base score of 9.2 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

| CVE-2026-8430 CRITICAL

Code Injection (CWE-94)

2026-05-12 VulnCheck

GHSA-qjjx-7vj9-gr7c

RCE Code Injection Nginx

9.2

CVSS 4.0

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 12, 2026 - 20:03 EUVD

Severity Changed

May 12, 2026 - 19:22 NVD

HIGH CRITICAL

CVSS changed

May 12, 2026 - 19:22 NVD

8.1 (HIGH) 9.2 (CRITICAL)

CVE Published

May 12, 2026 - 18:43 nvd

CRITICAL 9.2

DescriptionNVD

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx configuration scenarios to achieve code execution, and this issue is not mitigated by the SPIP security screen.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory