getkirby/kirby
cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*
- <= 4.8.0
- >= 5.0.0, <= 5.3.3
A vulnerability exists in Kirby, an open-source content management system, prior to versions 4.9.0 and 5.4.0, where read access to site, user, and role information is not properly restricted by permissions. This flaw allows authenticated users to read sensitive information they should not be able to access.
The vulnerability can lead to unauthorized access to site, user, and role information, including sensitive content within these models. This lack of permission gating could be exploited by authenticated users to access information or perform actions that are not intended for their user role.
Users are advised to upgrade to Kirby version 4.9.0 or 5.4.0. Instructions for downloading these versions are available on the Kirby GitHub releases page.