Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/05/12 8:20 a.m.11 views

CVE-2026-42137

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, pages.access/list and files.access/list permissions are not consistently checked in the Panel and REST API. This issue has been patched in versions 4.9.0 and 5.4.0...

7.1CVSS5.7AI score0.00303EPSS
Exploits0References1
NVD
NVD
added 2026/05/09 4:16 a.m.17 views

CVE-2026-42137

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, pages.access/list and files.access/list permissions are not consistently checked in the Panel and REST API. This issue has been patched in versions 4.9.0 and 5.4.0...

7.1CVSS0.00303EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/09 3:38 a.m.11 views

EUVD-2026-28889

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, pages.access/list and files.access/list permissions are not consistently checked in the Panel and REST API. This issue has been patched in versions 4.9.0 and 5.4.0...

7.1CVSS5.7AI score0.00303EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/09 3:38 a.m.43 views

CVE-2026-42137 Kirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialog

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, pages.access/list and files.access/list permissions are not consistently checked in the Panel and REST API. This issue has been patched in versions 4.9.0 and 5.4.0...

7.1CVSS0.00303EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/09 3:38 a.m.8 views

CVE-2026-42137 Kirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialog

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, pages.access/list and files.access/list permissions are not consistently checked in the Panel and REST API. This issue has been patched in versions 4.9.0 and 5.4.0...

7.1CVSS5.7AI score0.00303EPSS
Exploits0References3
CVE
CVE
added 2026/05/09 3:38 a.m.19 views

CVE-2026-42137

Kirby CVE-2026-42137 affects the open-source Kirby CMS. Prior to versions 4.9.0 and 5.4.0, the Panel and REST API did not consistently enforce pages.access/list and files.access/list permissions, enabling missing authorization in some collections and related models. The issue has been fixed in Ki...

7.1CVSS5.7AI score0.00303EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.8 views

Kirby 安全漏洞

Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from insufficient checks for consistency in permissions for functions like Panel and REST API’s pages.access/list and...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References2
Rows per page
Query Builder