PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54004 getkirby CVE debrief

CVE-2026-54004 is a vulnerability in the Kirby content management system that allows unauthenticated access to draft file contents. This issue arises when the content.fileRedirects feature is enabled, allowing clean file URL requests for files stored in top-level draft pages to be redirected to physical media URLs without proper access permission checks or preview tokens. This could lead to the disclosure of draft file contents. The vulnerability has been addressed in Kirby versions 4.9.4 and 5.4.4.

Vendor
getkirby
Product
kirby
CVSS
MEDIUM 6.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of Kirby content management system versions prior to 4.9.4 and 5.4.4 should be aware of this vulnerability, especially those with content.fileRedirects enabled. Site administrators and security teams should assess the risk and apply the necessary patches to prevent unauthorized access to sensitive draft content.

Technical summary

The CVE-2026-54004 vulnerability in Kirby's content management system allows unauthenticated users to access draft file contents through file redirects when the content.fileRedirects feature is enabled. This occurs because the system redirects clean file URL requests for files in top-level draft pages to physical media URLs without verifying page access permissions or preview tokens. The issue has been fixed in Kirby versions 4.9.4 and 5.4.4, which implement the necessary checks to prevent disclosure of draft file contents.

Defensive priority

Medium

Recommended defensive actions

  • Apply patches: Upgrade to Kirby version 4.9.4 or 5.4.4 to fix the vulnerability.
  • Assess content.fileRedirects: Evaluate the use of content.fileRedirects on your Kirby site and consider disabling it if not necessary.
  • Review access controls: Ensure that proper access controls and permissions are in place for draft content.
  • Monitor for suspicious activity: Keep an eye on your site for any unusual file access patterns that could indicate exploitation attempts.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.

Evidence notes

The CVE record was published on 2026-07-09T19:17:06.270Z and was last modified on 2026-07-10T15:49:19.093Z. The vulnerability details were obtained from the NVD and the Kirby GitHub repository. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify the affected scope and apply patches or mitigations accordingly.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T19:17:06.270Z and has not been modified since then.