PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44174 getkirby CVE debrief

The CVE record for CVE-2026-44174 was published on 2026-07-16T22:17:01.650Z and has not been modified since then. The NVD entry is currently 8.7 HIGH. Kirby CMS did not validate model attributes used in collection queries, allowing attackers to include arbitrary model methods. This could lead to disclosure of sensitive data or impactful actions. Users of Kirby CMS versions prior to 4.9.1 and 5.4.1 should apply patches to prevent potential attacks.

Vendor
getkirby
Product
kirby
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-16
Original CVE updated
2026-07-16
Advisory published
2026-07-16
Advisory updated
2026-07-16

Who should care

Users of Kirby CMS versions prior to 4.9.1 and 5.4.1 should apply patches to prevent potential attacks. Affected operators, platforms, vulnerability-management, and security teams should review and update collection queries to ensure proper validation.

Technical summary

Kirby CMS did not validate model attributes used in collection queries, allowing attackers to include arbitrary model methods. This could lead to disclosure of sensitive data or impactful actions such as loginPasswordless() or delete(). The issue has been fixed in versions 4.9.1 and 5.4.1. Affected product context and defensive impact should be considered. Users of Kirby CMS versions prior to 4.9.1 and 5.4.1 should apply patches to prevent potential attacks and review collection queries to ensure proper validation, considering defensive priorities and potential impacts on managed environments.

Defensive priority

High priority due to potential for sensitive data disclosure and privilege escalation.

Recommended defensive actions

  • Apply patches to Kirby CMS versions prior to 4.9.1 and 5.4.1
  • Review and update collection queries to ensure proper validation
  • Monitor for suspicious activity related to Kirby CMS
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

Evidence is based on official CVE and NVD records, as well as vendor advisories. The CVE record was published on 2026-07-16T22:17:01.650Z and has not been modified since then. The NVD entry is currently 8.7 HIGH. Affected product deployments should be confirmed in managed environments and assigned an owner for follow-up. Official advisories or CVE records should be reviewed to validate affected scope, severity, and vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T22:17:01.650Z and has not been modified since then. The NVD entry is currently 8.7 HIGH.