Content Management System Vulnerability in Kirby by GetKirby
CVE-2026-54005

7.1HIGH

Key Information:

Vendor

Getkirby

Status
Vendor
CVE Published:
9 July 2026

What is CVE-2026-54005?

Kirby, an open-source content management system, contains a vulnerability that allows authenticated users, who have the pages.access permission disabled, to access sensitive information for published pages. This can be exploited by users who can guess or know the page IDs or UUIDs, enabling them to retrieve content and metadata through the /api/site/find route without the requisite permissions. This issue was addressed in versions 4.9.4 and 5.4.4, ensuring improved security for Kirby sites.

Affected Version(s)

kirby < 4.9.4 < 4.9.4

kirby >= 5.0.0, < 5.4.4 < 5.0.0, 5.4.4

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.