PatchSiren cyber security CVE debrief
CVE-2026-54005 getkirby CVE debrief
CVE-2026-54005 is a high-severity vulnerability in Kirby CMS that allows authenticated users to retrieve page information without authorization. The issue was fixed in versions 4.9.4 and 5.4.4. This vulnerability affects users with public sites or sensitive information, who should prioritize patching to prevent unauthorized access to page information. The vulnerability class is related to improper authorization, allowing attackers to bypass access controls.
- Vendor
- getkirby
- Product
- kirby
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Kirby CMS, especially those with public sites or sensitive information, should prioritize patching to prevent unauthorized access to page information. This includes site administrators, security teams, and developers responsible for maintaining Kirby CMS installations. Additionally, users with high-security requirements or sensitive data should review and restrict access to the /api/site/find route.
Technical summary
Kirby CMS versions prior to 4.9.4 and 5.4.4 have a vulnerability that allows authenticated users to retrieve page information, including full content and metadata, for arbitrary published pages through the /api/site/find route without authorization to access those pages. The issue arises from insufficient access controls on the /api/site/find route, which can be exploited by authenticated users to access sensitive information.
Defensive priority
High priority should be given to patching Kirby CMS to prevent unauthorized access to sensitive information. Site administrators should review and restrict access to the /api/site/find route and monitor for suspicious activity.
Recommended defensive actions
- Apply patches or updates to Kirby CMS versions 4.9.4 or 5.4.4
- Review and restrict access to the /api/site/find route
- Monitor for suspicious activity related to page information disclosure
- Verify page access controls and ensure proper authorization
- Conduct a thorough review of site security and configuration
- Implement compensating controls for exposed systems while remediation is scheduled and verified
Evidence notes
The CVE record was published on 2026-07-09T19:17:06.400Z and was last modified on 2026-07-10T15:49:19.093Z. The NVD entry is currently Deferred. The vulnerability affects Kirby CMS versions prior to 4.9.4 and 5.4.4. Authenticated users can retrieve page information, including full content and metadata, for arbitrary published pages through the /api/site/find route without authorization to access those pages. The issue was fixed in versions 4.9.4 and 5.4.4. Evidence limits suggest verifying page access controls and monitoring for suspicious activity.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T19:17:06.400Z and has not been modified since then. The NVD entry is currently Deferred.