What is CVE-2026-42069?

CVE-2026-42069 is a medium-severity vulnerability in Getkirby Kirby, classified under Missing Authorization. CVSS score: 6.5/10. Published 2026-05-09.

How severe is CVE-2026-42069?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Auth bypass in Getkirby Kirby

CVE-2026-42069

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0.

Vulnerability class: Broken Access Control

EPSS: 0.000 (7.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Getkirby Kirby — versions < 4.9.0, >= 5.0.0, < 5.4.0

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

security-advisories@github.com (x_refsource_MISC, Release Notes)
security-advisories@github.com (x_refsource_MISC, Release Notes)
security-advisories@github.com (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2026-42069?: CVE-2026-42069 is a medium-severity vulnerability in Getkirby Kirby, classified under Missing Authorization. CVSS score: 6.5/10. Published 2026-05-09.
How severe is CVE-2026-42069?: Medium severity. CVSS v3 base score is 6.5 out of 10.