PatchSiren cyber security CVE debrief
CVE-2026-49276 getkirby CVE debrief
A high-severity vulnerability was discovered in the Kirby content management system, affecting versions prior to 4.9.4 and 5.4.4. The vulnerability allows a user to inject a scripting link into the writer field of certain blueprints, enabling self cross-site scripting (XSS) in the Panel. This issue has significant implications for administrators and users of the Kirby CMS, particularly those using the writer field in any blueprint.
- Vendor
- getkirby
- Product
- kirby
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Administrators and users of the Kirby CMS, particularly those using the writer field in any blueprint, should be aware of this vulnerability and take immediate action to update to a patched version. Affected operators and security teams should review the vulnerability and implement necessary mitigations.
Technical summary
The vulnerability exists in the writer field of certain blueprints in Kirby CMS versions prior to 4.9.4 and 5.4.4. An attacker can inject a scripting link into the writer field, allowing for self cross-site scripting (XSS) in the Panel. This issue has been fixed in versions 4.9.4 and 5.4.4. Affected users should review and update any custom blueprints using the writer field, and administrators should ensure that all users are aware of the vulnerability and take necessary precautions to prevent exploitation. Additionally, users should monitor for suspicious activity in the Panel and review compensating controls for exposed systems while remediation is scheduled and verified.
Defensive priority
High
Recommended defensive actions
- Update to Kirby CMS version 4.9.4 or 5.4.4 or later
- Review and update any custom blueprints using the writer field
- Monitor for suspicious activity in the Panel
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-09T19:17:05.670Z and last modified on 2026-07-10T15:49:19.093Z. The NVD entry is currently Deferred. Evidence is limited to public sources and may not reflect the full scope or impact of this vulnerability. Defenders should verify affected systems and review vendor advisories for specific guidance.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T19:17:05.670Z and has not been modified since then. The NVD entry is currently Deferred.