PatchSiren cyber security CVE debrief
CVE-2026-45334 getkirby CVE debrief
A vulnerability in Kirby, an open-source content management system, allowed low-privilege authenticated users to learn the email address and identifier of any user who currently had a model open for editing in the Panel. This issue has been fixed in versions 4.9.1 and 5.4.1. The vulnerability affects Kirby installations with low-privilege authenticated Panel users, who could exploit this issue to learn sensitive information about other users. The issue has a medium severity and CVSS score of 5.3.
- Vendor
- getkirby
- Product
- kirby
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-16
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-16
- Advisory updated
- 2026-07-16
Who should care
Users of Kirby CMS, especially those with low-privilege authenticated Panel users, should be aware of this vulnerability and take steps to upgrade to a patched version. Affected operators should review user roles and permissions, and security teams should monitor for suspicious activity. Platform administrators should verify that their installations are not exposed and plan vendor-supported updates or mitigations.
Technical summary
The content-locking feature in Kirby returned lock information without checking the requesting user's access permissions. This allowed low-privilege authenticated Panel users to learn the email address and identifier of any user who currently had a model open for editing in the Panel, including administrators and other higher-privilege users. The vulnerability affects Kirby installations with low-privilege authenticated Panel users and has been fixed in versions 4.9.1 and 5.4.1.
Defensive priority
Medium priority, as it allows for admin account enumeration, target phishing, and feed credential-stuffing attacks.
Recommended defensive actions
- Upgrade to Kirby version 4.9.1 or 5.4.1
- Review and adjust user roles and permissions
- Monitor for suspicious activity
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-16T22:17:02.550Z and has not been modified since then. The NVD entry is currently 5.3 (MEDIUM). The content-locking feature in Kirby returned lock information without checking the requesting user's access permissions, allowing low-privilege authenticated Panel users to learn the email address and identifier of any user who currently had a model open for editing in the Panel. This issue has been fixed in versions 4.9.1 and 5.4.1. Evidence limits suggest that defenders verify affected Kirby installations and review user roles and permissions.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T22:17:02.550Z and has not been modified since then.