Content Management System Vulnerability in Kirby by GetKirby
CVE-2026-54005
7.1HIGH
What is CVE-2026-54005?
Kirby, an open-source content management system, contains a vulnerability that allows authenticated users, who have the pages.access permission disabled, to access sensitive information for published pages. This can be exploited by users who can guess or know the page IDs or UUIDs, enabling them to retrieve content and metadata through the /api/site/find route without the requisite permissions. This issue was addressed in versions 4.9.4 and 5.4.4, ensuring improved security for Kirby sites.
Affected Version(s)
kirby < 4.9.4 < 4.9.4
kirby >= 5.0.0, < 5.4.4 < 5.0.0, 5.4.4
