CVE-2026-42051

MEDIUM SEVERITY

Vulnerability Description

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0.

Vulnerability Details

Published Date

May 04, 2026

Last Modified

May 09, 2026

CWE ID

CWE-862

Source

GitHub

Vendor

composer

Product

getkirby/cms

External References

https://github.com/getkirby/kirby/security/advisories/GHSA-x68m-c7jf-2572
https://github.com/getkirby/kirby/releases/tag/4.9.0
https://github.com/getkirby/kirby/releases/tag/5.4.0
https://github.com/advisories/GHSA-x68m-c7jf-2572

CVE-2026-42051

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment