CVE-2026-42069 | THREATINT

Description

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0.

PUBLISHED Reserved 2026-04-23 | Published 2026-05-09 | Updated 2026-05-09 | Assigner GitHub_M

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-862: Missing Authorization

Product status

< 4.9.0

affected

>= 5.0.0, < 5.4.0

affected

References

github.com/.../kirby/security/advisories/GHSA-2h7v-4372-f6x2

github.com/getkirby/kirby/releases/tag/4.9.0

github.com/getkirby/kirby/releases/tag/5.4.0

cve.org (CVE-2026-42069)

nvd.nist.gov (CVE-2026-42069)

Download JSON