Getkirby Kirby
29 CVEs affecting Getkirby Kirby. Latest disclosed: 2026-05-09. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-41964 | High | 8.1 | 2024-08-29 | Kirby is a CMS targeting designers and editors. Kirby allows restricting the permissions of specific user roles. Users of that role can only perform permitted… |
| CVE-2021-29460 | High | 7.6 | 2021-04-27 | Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like `<script>` tags. The dire… |
| CVE-2023-38489 | High | 7.3 | 2023-07-27 | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user acco… |
| CVE-2021-41258 | High | 7.3 | 2021-11-16 | Kirby is an open source file structured CMS. In affected versions Kirby's blocks field stores structured data for each block. This data is then used in block s… |
| CVE-2021-41252 | High | 7.3 | 2021-11-16 | Kirby is an open source file structured CMS. Kirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not… |
| CVE-2023-38488 | High | 7.1 | 2023-07-27 | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might hav… |
| CVE-2021-32735 | High | 7.1 | 2021-07-02 | Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's `ListItem` component (used in the pages and files section for example)… |
| CVE-2023-38490 | Medium | 6.8 | 2023-07-27 | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the… |
| CVE-2020-26255 | Medium | 6.8 | 2020-12-08 | Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14, an editor with full access to the Kirby Panel can upl… |
| CVE-2020-26253 | Medium | 6.8 | 2020-12-08 | Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may b… |
| CVE-2026-42137 | Medium | 6.5 | 2026-05-09 | Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consisten… |
| CVE-2026-42069 | Medium | 6.5 | 2026-05-09 | Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permission… |
| CVE-2022-39315 | Medium | 6.5 | 2022-10-25 | Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with use… |
| CVE-2022-36037 | Medium | 5.9 | 2022-08-29 | Kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a… |
| CVE-2023-38491 | Medium | 5.7 | 2023-07-27 | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might hav… |
| CVE-2023-38492 | Medium | 5.3 | 2023-07-27 | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user acco… |
| CVE-2022-39314 | Medium | 4.8 | 2022-10-24 | Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excess… |
| CVE-2024-27087 | Medium | 4.6 | 2024-02-26 | Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the r… |
| CVE-2026-42174 | Medium | 4.3 | 2026-05-09 | Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user upda… |
| CVE-2026-42051 | Medium | 4.3 | 2026-05-09 | Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authe… |