PatchSiren cyber security CVE debrief
CVE-2026-44176 getkirby CVE debrief
The CVE record was published on 2026-07-16T22:17:01.967Z and has not been modified since then. The NVD entry is currently 6.0 MEDIUM. Kirby CMS versions prior to 4.9.1 and 5.4.1 have a vulnerability where page drafts can be accessed by any authenticated user, even if they do not have access to the specific page model. This vulnerability affects the path resolver for the main CMS router.
- Vendor
- getkirby
- Product
- kirby
- CVSS
- MEDIUM 6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-16
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-16
- Advisory updated
- 2026-07-16
Who should care
Users of Kirby CMS versions prior to 4.9.1 and 5.4.1 should review and apply patches. This includes administrators, security teams, and operators who manage Kirby CMS deployments. They should also review user roles and permissions to ensure proper access controls are in place, monitor for suspicious activity, and confirm whether affected product deployments exist in managed environments.
Technical summary
Kirby CMS versions prior to 4.9.1 and 5.4.1 have a vulnerability where page drafts can be accessed by any authenticated user, even if they do not have access to the specific page model. The vulnerability affects the path resolver for the main CMS router. Authenticated attackers with knowledge of the full path to an existing page draft could then access the rendered frontend page. This could lead to the disclosure of sensitive information, e.g. ahead of the launch of a new product or post. The vulnerability has been fixed in versions 4.9.1 and 5.4.1. To prevent unauthorized access to page drafts, users should review and apply patches, review user roles and permissions, and monitor for suspicious activity.
Defensive priority
Apply patches to prevent unauthorized access to page drafts. Review user roles and permissions to ensure proper access controls are in place.
Recommended defensive actions
- Apply Kirby CMS version 4.9.1 or 5.4.1 or later
- Review user roles and permissions
- Monitor for suspicious activity
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The vulnerability affects the path resolver for the main CMS router. Kirby allowed page drafts to be rendered if any valid user was authenticated, even if that user did not have access to the specific page model. Authenticated attackers with knowledge of the full path to an existing page draft could then access the rendered frontend page. This could lead to the disclosure of sensitive information, e.g. ahead of the launch of a new product or post. The vulnerability has been fixed in versions 4.9.1 and 5.4.1. Users should review and apply patches. The NVD entry is currently 6.0 MEDIUM.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T22:17:01.967Z and has not been modified since then. The NVD entry is currently 6.0 MEDIUM.