Vulnerability in Getkirby Kirby

CVE-2026-34587

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for e…

EPSS: 0.000 (10.2th percentile) — read the EPSS interpretation.

Affected products

Getkirby Kirby — versions < 4.9.0, >= 5.0.0, < 5.4.0

Weakness classification (CWE)

CWE-1336 — Improper Neutralization of Special Elements Used in a Template Engine

References

https://github.com/getkirby/kirby/security/advisories/GHSA-jcjw-58rv-c452 (x_refsource_CONFIRM)
https://github.com/getkirby/kirby/releases/tag/4.9.0 (x_refsource_MISC)
https://github.com/getkirby/kirby/releases/tag/5.4.0 (x_refsource_MISC)