Auth bypass in Getkirby Kirby
CVE-2026-44176
Kirby is an open-source content management system. Versions prior to 4.9.1 and 5.4.1 do not check the `pages.access` permission during page draft rendering. Permissions are defined for each user role in the user blueprint (site/blueprints…
Vulnerability class: Broken Access Control
Affected products
- Getkirby Kirby — versions < 4.9.1, >= 5.0.0, < 5.4.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)