CVE-2026-54005
Kirby CMS has a vulnerability tracked as CVE-2026-54005 where the /api/site/find route does not check the pages.access permission. Prior to versions 4.9.4 and 5.4.4, authenticated users who know or guess page IDs or UUIDs could retrieve full page content and metadata for arbitrary published pages...