Kirby: System API endpoint leaks license data and installed version...

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0.

Basic Information

ID CVE-2026-42051

Source GitHub_M

Published May 9, 2026 at 03:37

Affected Product

Vendor getkirby

Product kirby

Version < 4.9.0

Affected Versions getkirby kirby < 4.9.0
getkirby kirby >= 5.0.0, < 5.4.0

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0.",
    "published": "2026-05-09T03:37:42.707Z",
    "modified": "2026-05-09T03:37:42.707Z",
    "type": "cve",
    "title": "Kirby: System API endpoint leaks license data and installed version to authenticated users",
    "source": "GitHub_M",
    "references": "https://github.com/getkirby/kirby/security/advisories/GHSA-x68m-c7jf-2572\nhttps://github.com/getkirby/kirby/releases/tag/4.9.0\nhttps://github.com/getkirby/kirby/releases/tag/5.4.0",
    "id": "CVE-2026-42051",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "getkirby kirby < 4.9.0\ngetkirby kirby >= 5.0.0, < 5.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "kirby",
    "version": "< 4.9.0",
    "vendor": "getkirby",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Kirby: System API endpoint leaks license data and installed version to authenticated users_CVE-2026-42051