PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54002 getkirby CVE debrief

A stored cross-site scripting vulnerability exists in Kirby, an open-source content management system, in versions prior to 4.9.4 and 5.4.4. The vulnerability arises from improper sanitization of user input in the writer or list fields or when calling certain sanitize functions with untrusted input, allowing malicious markup to be injected as children of an unknown HTML or XML tag. This issue can lead to stored cross-site scripting attacks, potentially allowing attackers to execute malicious scripts within the context of affected users.

Vendor
getkirby
Product
kirby
CVSS
HIGH 8.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of Kirby CMS versions prior to 4.9.4 and 5.4.4 should apply the patches to prevent exploitation of this stored cross-site scripting vulnerability. System administrators and security teams responsible for managing and securing content management systems should prioritize patching affected deployments. Review of user input sanitization and cross-site scripting defenses is recommended for all deployments.

Technical summary

The vulnerability is caused by the improper sanitization of user input in the writer or list fields or when calling Dom::sanitize(), Sane::sanitize(), Sane::Html::sanitize(), Sane::Svg::sanitize(), Sane::Xml::sanitize(), Sane::sanitizeFile(), or file sanitizeContents() with untrusted input. This allows malicious markup injected as children of an unknown HTML or XML tag to pass through Dom::sanitize() without being correctly sanitized, leading to stored cross-site scripting.

Defensive priority

High priority should be given to applying patches for Kirby CMS versions prior to 4.9.4 and 5.4.4 to prevent exploitation of this vulnerability. System administrators and security teams should review and update their deployments as soon as possible to mitigate potential risks.

Recommended defensive actions

  • Apply patches to upgrade Kirby CMS to version 4.9.4 or 5.4.4.
  • Review and sanitize all user input to prevent malicious markup injection.
  • Implement additional security measures to detect and prevent cross-site scripting attacks.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-07-09T19:17:05.977Z and was last modified on 2026-07-10T15:49:19.093Z. The NVD entry is currently Deferred. Evidence is limited to public sources and may not reflect the full scope of affected products or potential impacts. Defenders should verify the vulnerability's existence and potential impact within their specific environments.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T19:17:05.977Z and has not been modified since then. The NVD entry is currently Deferred.