CVE-2026-42051 | THREATINT

Description

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0.

PUBLISHED Reserved 2026-04-23 | Published 2026-05-09 | Updated 2026-05-09 | Assigner GitHub_M

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-862: Missing Authorization

Product status

< 4.9.0

affected

>= 5.0.0, < 5.4.0

affected

References

github.com/.../kirby/security/advisories/GHSA-x68m-c7jf-2572

github.com/getkirby/kirby/releases/tag/4.9.0

github.com/getkirby/kirby/releases/tag/5.4.0

cve.org (CVE-2026-42051)

nvd.nist.gov (CVE-2026-42051)

Download JSON