CVE-2026-42069

HIGH SEVERITY

Vulnerability Description

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0.

Vulnerability Details

Published Date

May 04, 2026

Last Modified

May 12, 2026

CWE ID

CWE-862

Source

GitHub

Vendor

composer

Product

getkirby/cms

External References

https://github.com/getkirby/kirby/security/advisories/GHSA-2h7v-4372-f6x2
https://github.com/getkirby/kirby/releases/tag/4.9.0
https://github.com/getkirby/kirby/releases/tag/5.4.0
https://github.com/advisories/GHSA-2h7v-4372-f6x2

CVE-2026-42069

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment