PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44175 getkirby CVE debrief

The CVE record describes a cross-site scripting (XSS) vulnerability in Kirby, an open-source content management system. Versions prior to 4.9.1 and 5.4.1 did not securely sanitize the contents of the list field on save, leaving it vulnerable to XSS attacks. The list field stores its formatted content as HTML, and unlike other field types, its HTML special characters cannot be escaped without losing the formatting. Sanitization was only enforced client-side in the Panel, while the server did not sanitize the content on save. An attacker could bypass the Panel and send malicious HTML directly to Kirby's API, storing unsanitized markup in the content file. That markup would then be rendered on the site frontend and executed in the browsers of site visitors and logged-in users browsing the site, resulting in persistent XSS. This vulnerability has significant implications for the security of Kirby CMS deployments, particularly those with untrusted user input.

Vendor
getkirby
Product
kirby
CVSS
HIGH 8.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-16
Original CVE updated
2026-07-16
Advisory published
2026-07-16
Advisory updated
2026-07-16

Who should care

Users of Kirby CMS versions prior to 4.9.1 and 5.4.1 should be aware of this vulnerability and take steps to mitigate it. This includes upgrading to a patched version of Kirby and ensuring that all user-input data is properly sanitized. System administrators, security teams, and developers responsible for maintaining Kirby CMS deployments should prioritize remediation efforts and review their system's configuration to prevent exploitation.

Technical summary

The vulnerability exists in the list field of Kirby CMS, where user-input data is not properly sanitized on save. This allows an attacker to inject malicious HTML code, which can then be executed in the browsers of site visitors and logged-in users. The vulnerability has been fixed in versions 4.9.1 and 5.4.1 of Kirby CMS. Affected systems may be vulnerable to persistent cross-site scripting (XSS) attacks, potentially allowing attackers to steal user data or take control of user sessions. Defenders should prioritize upgrading to a patched version of Kirby CMS and ensure that all user-input data is properly sanitized.

Defensive priority

High

Recommended defensive actions

  • Upgrade to Kirby CMS version 4.9.1 or 5.4.1 or later
  • Ensure that all user-input data is properly sanitized
  • Monitor for suspicious activity on your Kirby CMS site
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, including its description, CVSS score, and affected versions of Kirby CMS. Evidence is limited to public sources and may not reflect the full scope of affected systems or potential impact. Defenders should verify the vulnerability's existence and potential impact on their systems, considering factors such as system configuration and user interaction. Additional information may be necessary to fully understand the vulnerability's implications.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T22:17:01.833Z and has not been modified since then.