Auth bypass in Getkirby Kirby
CVE-2026-45334
Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the content-locking feature returned lock information without checking the requesting user's access permissions. Kirby's Panel includes a content-lock…
Vulnerability class: Broken Access Control
Affected products
- Getkirby Kirby — versions < 4.9.1, >= 5.0.0, < 5.4.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_CONFIRM)