EUVD-2026-25368

🗓️ 24 Apr 2026 00:19:13Reported by EUVDType

Kirby patches Xml::value CDATA handling to prevent mixed content bypass before four point nine and five point four.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2026-32870	24 Apr 202600:19	–	attackerkb
CNNVD	Kirby 安全漏洞	24 Apr 202600:00	–	cnnvd
CVE	CVE-2026-32870	24 Apr 202600:19	–	cve
Cvelist	CVE-2026-32870 Kirby has XML injection in its XML creator toolkit	24 Apr 202600:19	–	cvelist
Github Security Blog	Kirby has XML injection in its XML creator toolkit	23 Apr 202621:21	–	github
NVD	CVE-2026-32870	24 Apr 202601:16	–	nvd
OSV	GHSA-9WFJ-C55W-J9QR Kirby has XML injection in its XML creator toolkit	23 Apr 202621:21	–	osv
Positive Technologies	PT-2026-34815	23 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-32870	5 Jun 202619:35	–	redhatcve
Snyk	XML Injection	24 Apr 202602:53	–	snyk

[
  {
    "enisaIdVendor": [
      {
        "id": "a81326ac-613b-371c-b553-0a7d7ab47237",
        "vendor": {
          "name": "getkirby"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "c390dc29-4696-348f-b9f8-e4ff415c07b4",
        "product": {
          "name": "kirby"
        },
        "product_version": "5.0.0, < 5.4.0"
      },
      {
        "id": "e73aa15c-cdd5-3c6a-9e43-f1611dc490af",
        "product": {
          "name": "kirby"
        },
        "product_version": "< 4.9.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/getkirby/kirby/security/advisories/GHSA-9wfj-c55w-j9qr
github	www.github.com/getkirby/kirby/releases/tag/4.9.0
github	www.github.com/getkirby/kirby/releases/tag/5.4.0

24 Apr 2026 16:30Current

5.1Medium risk

Vulners AI Score5.1

CVSS 46.9

EPSS0.00043

SSVC