CVE-2026-29905

Medium CVSS: 6.5

Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize() function. When the system attempts to process this file for metadata or thumbnail generation, it triggers a fatal TypeError.

Vendor

Getkirby

Product

Kirby

CWE

CWE-20

Yayın Tarihi

2026-03-26 17:16:34

Güncelleme

2026-04-02 17:28:02

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-20 Kirby MEDIUM Getkirby 2026

Referanslar

https://drive.google.com/file/d/1MwvvSYIwnC8kOIzjycGMQZw4d2K2ef8h/view?usp=sharing https://github.com/Stalin-143/CVE-2026-29905 https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1

Benzer Kayıtlar

Medium

CVE-2026-21896

Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in t…

Medium

CVE-2025-65012

Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any…

Medium

CVE-2025-31493

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 aff…

Low

CVE-2025-30207

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 aff…

Medium

CVE-2025-30159

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 aff…