PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54005 getkirby CVE debrief

CVE-2026-54005 is a high-severity vulnerability in Kirby CMS that allows authenticated users to retrieve page information without authorization. The issue was fixed in versions 4.9.4 and 5.4.4. This vulnerability affects users with public sites or sensitive information, who should prioritize patching to prevent unauthorized access to page information. The vulnerability class is related to improper authorization, allowing attackers to bypass access controls.

Vendor
getkirby
Product
kirby
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of Kirby CMS, especially those with public sites or sensitive information, should prioritize patching to prevent unauthorized access to page information. This includes site administrators, security teams, and developers responsible for maintaining Kirby CMS installations. Additionally, users with high-security requirements or sensitive data should review and restrict access to the /api/site/find route.

Technical summary

Kirby CMS versions prior to 4.9.4 and 5.4.4 have a vulnerability that allows authenticated users to retrieve page information, including full content and metadata, for arbitrary published pages through the /api/site/find route without authorization to access those pages. The issue arises from insufficient access controls on the /api/site/find route, which can be exploited by authenticated users to access sensitive information.

Defensive priority

High priority should be given to patching Kirby CMS to prevent unauthorized access to sensitive information. Site administrators should review and restrict access to the /api/site/find route and monitor for suspicious activity.

Recommended defensive actions

  • Apply patches or updates to Kirby CMS versions 4.9.4 or 5.4.4
  • Review and restrict access to the /api/site/find route
  • Monitor for suspicious activity related to page information disclosure
  • Verify page access controls and ensure proper authorization
  • Conduct a thorough review of site security and configuration
  • Implement compensating controls for exposed systems while remediation is scheduled and verified

Evidence notes

The CVE record was published on 2026-07-09T19:17:06.400Z and was last modified on 2026-07-10T15:49:19.093Z. The NVD entry is currently Deferred. The vulnerability affects Kirby CMS versions prior to 4.9.4 and 5.4.4. Authenticated users can retrieve page information, including full content and metadata, for arbitrary published pages through the /api/site/find route without authorization to access those pages. The issue was fixed in versions 4.9.4 and 5.4.4. Evidence limits suggest verifying page access controls and monitoring for suspicious activity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T19:17:06.400Z and has not been modified since then. The NVD entry is currently Deferred.