Vulnerability in Getkirby Kirby
CVE-2026-44174
Kirby is an open-source content management system. Prior to 4.9.1 and 5.4.1, Kirby did not validate the model attributes that were used in its collection queries, allowing attackers to include arbitrary model methods in their queries. This…
Affected products
- Getkirby Kirby — versions < 4.9.1, >= 5.0.0, < 5.4.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)