Auth bypass in Getkirby Kirby

CVE-2026-44176

Kirby is an open-source content management system. Versions prior to 4.9.1 and 5.4.1 do not check the `pages.access` permission during page draft rendering. Permissions are defined for each user role in the user blueprint (site/blueprints…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References