3 matches found
CVE-2026-42051
CVE-2026-42051 affects Kirby CMS. The issue: the /api/system endpoint exposed installed Kirby version and license data to authenticated users due to missing authorization. It is patched in Kirby 4.9.0 and 5.4.0, with the fix enforcing the access.system permission to restrict exposure. Impact is а...
EUVD-2026-28887
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...
CVE-2026-42051 Kirby: System API endpoint leaks license data and installed version to authenticated users
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...