Auth bypass in Getkirby Kirby

CVE-2026-54005

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites where a role has the pages.access permission disabled allowed authenticated users who know or guess page IDs or UUIDs to retrieve page information, in…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References