PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44176 getkirby CVE debrief

The CVE record was published on 2026-07-16T22:17:01.967Z and has not been modified since then. The NVD entry is currently 6.0 MEDIUM. Kirby CMS versions prior to 4.9.1 and 5.4.1 have a vulnerability where page drafts can be accessed by any authenticated user, even if they do not have access to the specific page model. This vulnerability affects the path resolver for the main CMS router.

Vendor
getkirby
Product
kirby
CVSS
MEDIUM 6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-16
Original CVE updated
2026-07-16
Advisory published
2026-07-16
Advisory updated
2026-07-16

Who should care

Users of Kirby CMS versions prior to 4.9.1 and 5.4.1 should review and apply patches. This includes administrators, security teams, and operators who manage Kirby CMS deployments. They should also review user roles and permissions to ensure proper access controls are in place, monitor for suspicious activity, and confirm whether affected product deployments exist in managed environments.

Technical summary

Kirby CMS versions prior to 4.9.1 and 5.4.1 have a vulnerability where page drafts can be accessed by any authenticated user, even if they do not have access to the specific page model. The vulnerability affects the path resolver for the main CMS router. Authenticated attackers with knowledge of the full path to an existing page draft could then access the rendered frontend page. This could lead to the disclosure of sensitive information, e.g. ahead of the launch of a new product or post. The vulnerability has been fixed in versions 4.9.1 and 5.4.1. To prevent unauthorized access to page drafts, users should review and apply patches, review user roles and permissions, and monitor for suspicious activity.

Defensive priority

Apply patches to prevent unauthorized access to page drafts. Review user roles and permissions to ensure proper access controls are in place.

Recommended defensive actions

  • Apply Kirby CMS version 4.9.1 or 5.4.1 or later
  • Review user roles and permissions
  • Monitor for suspicious activity
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The vulnerability affects the path resolver for the main CMS router. Kirby allowed page drafts to be rendered if any valid user was authenticated, even if that user did not have access to the specific page model. Authenticated attackers with knowledge of the full path to an existing page draft could then access the rendered frontend page. This could lead to the disclosure of sensitive information, e.g. ahead of the launch of a new product or post. The vulnerability has been fixed in versions 4.9.1 and 5.4.1. Users should review and apply patches. The NVD entry is currently 6.0 MEDIUM.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T22:17:01.967Z and has not been modified since then. The NVD entry is currently 6.0 MEDIUM.