Auth bypass in Getkirby Kirby

CVE-2026-54004

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References