HIGH🇵🇱 Wersja polska

CVE-2026-42069

CVSS 7.1v4.0pub. 2026-05-09upd. 2026-05-18

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Getkirby Kirby

    APP
    Getkirby
    < 4.9.05.0.0 – 5.4.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-42137HIGH7.1ten sam produkt

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and ...

CVE-2026-41325HIGH7.1ten sam produkt

Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed...

CVE-2026-34587HIGH7.6ten sam produkt

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions...

CVE-2024-41964HIGH8.1ten sam produkt

Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user role...

CVE-2024-26483HIGH8.8ten sam produkt

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to exe...