2 matches found
CVE-2026-49274
CVE-2026-49274 affects Kirby CMS prior to versions 4.9.4 and 5.4.4. When the pages field is used and a role has pages.access disabled, authenticated users could supply an inaccessible parent page or site to the page picker backend, enabling confirmation of page existence and retrieval of title fi...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the backend logic for the pages picker process. An attacker can confirm the existence of arbitrary pages and retrieve the value of the title field by providing the full path to an existing page as an...