PatchSiren cyber security CVE debrief
CVE-2026-54002 getkirby CVE debrief
A stored cross-site scripting vulnerability exists in Kirby, an open-source content management system, in versions prior to 4.9.4 and 5.4.4. The vulnerability arises from improper sanitization of user input in the writer or list fields or when calling certain sanitize functions with untrusted input, allowing malicious markup to be injected as children of an unknown HTML or XML tag. This issue can lead to stored cross-site scripting attacks, potentially allowing attackers to execute malicious scripts within the context of affected users.
- Vendor
- getkirby
- Product
- kirby
- CVSS
- HIGH 8.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Kirby CMS versions prior to 4.9.4 and 5.4.4 should apply the patches to prevent exploitation of this stored cross-site scripting vulnerability. System administrators and security teams responsible for managing and securing content management systems should prioritize patching affected deployments. Review of user input sanitization and cross-site scripting defenses is recommended for all deployments.
Technical summary
The vulnerability is caused by the improper sanitization of user input in the writer or list fields or when calling Dom::sanitize(), Sane::sanitize(), Sane::Html::sanitize(), Sane::Svg::sanitize(), Sane::Xml::sanitize(), Sane::sanitizeFile(), or file sanitizeContents() with untrusted input. This allows malicious markup injected as children of an unknown HTML or XML tag to pass through Dom::sanitize() without being correctly sanitized, leading to stored cross-site scripting.
Defensive priority
High priority should be given to applying patches for Kirby CMS versions prior to 4.9.4 and 5.4.4 to prevent exploitation of this vulnerability. System administrators and security teams should review and update their deployments as soon as possible to mitigate potential risks.
Recommended defensive actions
- Apply patches to upgrade Kirby CMS to version 4.9.4 or 5.4.4.
- Review and sanitize all user input to prevent malicious markup injection.
- Implement additional security measures to detect and prevent cross-site scripting attacks.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-07-09T19:17:05.977Z and was last modified on 2026-07-10T15:49:19.093Z. The NVD entry is currently Deferred. Evidence is limited to public sources and may not reflect the full scope of affected products or potential impacts. Defenders should verify the vulnerability's existence and potential impact within their specific environments.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T19:17:05.977Z and has not been modified since then. The NVD entry is currently Deferred.