Kirby: Read access to site, user and role information is...

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0.

Basic Information

ID CVE-2026-42069

Source GitHub_M

Published May 9, 2026 at 03:35

Modified May 9, 2026 at 03:37

Affected Product

Vendor getkirby

Product kirby

Version < 4.9.0

Affected Versions getkirby kirby < 4.9.0
getkirby kirby >= 5.0.0, < 5.4.0

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0.",
    "published": "2026-05-09T03:35:02.266Z",
    "modified": "2026-05-09T03:37:05.930Z",
    "type": "cve",
    "title": "Kirby: Read access to site, user and role information is not gated by permissions",
    "source": "GitHub_M",
    "references": "https://github.com/getkirby/kirby/security/advisories/GHSA-2h7v-4372-f6x2\nhttps://github.com/getkirby/kirby/releases/tag/4.9.0\nhttps://github.com/getkirby/kirby/releases/tag/5.4.0",
    "id": "CVE-2026-42069",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "getkirby kirby < 4.9.0\ngetkirby kirby >= 5.0.0, < 5.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "kirby",
    "version": "< 4.9.0",
    "vendor": "getkirby",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Kirby: Read access to site, user and role information is not gated by permissions_CVE-2026-42069