CVE-2026-21896

Medium CVSS: 5.8

Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific role(s) from performing write actions, specifically by disabling the update permission with the intent to prevent modifications to site content. This vulnerability does not affect those who have not altered the deviated from default user permissions. This issue has been patched in version 5.2.2.

Vendor

Getkirby

Product

Kirby

CWE

CWE-863

Yayın Tarihi

2026-01-08 18:15:59

Güncelleme

2026-02-02 19:02:51

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-863 Kirby MEDIUM Getkirby 2026

Referanslar

https://github.com/getkirby/kirby/commit/f5ce1347b427b819bf193acf11fd0da232f7af47 https://github.com/getkirby/kirby/releases/tag/5.2.2 https://github.com/getkirby/kirby/security/advisories/GHSA-4j78-4xrm-cr2f

Benzer Kayıtlar

Medium

CVE-2026-29905

Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (…

Medium

CVE-2025-65012

Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any…

Medium

CVE-2025-31493

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 aff…

Low

CVE-2025-30207

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 aff…

Medium

CVE-2025-30159

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 aff…