CVE-2026-42137
EUVD-2026-2888909.05.2026, 04:16
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API. This issue has been patched in versions 4.9.0 and 5.4.0.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| getkirby | kirby | 𝑥 < 4.9.0 |
| getkirby | kirby | 5.0.0 ≤ 𝑥 < 5.4.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration