getkirby/cms Security Advisories for 3.10.0.1 (11)
-
[MEDIUM] Kirby CMS's system API endpoint leaks installed version and license data to authenticated users
PKSA-d1w9-s6x2-nh6p CVE-2026-42051 GHSA-x68m-c7jf-2572
Affected version: >=5.0.0,<=5.3.3|<=4.8.0
Reported by:
GitHub -
[MEDIUM] Kirby CMS doesn't gate user avatar creation, replacement and deletion with user update permissions
PKSA-p78d-845h-8y84 CVE-2026-42174 GHSA-39cp-6679-8xv2
Affected version: >=5.0.0,<=5.3.3|<=4.8.0
Reported by:
GitHub -
[HIGH] Kirby CMS's read access to site, user and role information is not gated by permissions
PKSA-wrgq-xy3s-q6nz CVE-2026-42069 GHSA-2h7v-4372-f6x2
Affected version: >=5.0.0,<=5.3.3|<=4.8.0
Reported by:
GitHub -
[HIGH] Kirby CMS's `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API
PKSA-bpcj-ysn7-my14 CVE-2026-42137 GHSA-85x2-r8xv-ww8c
Affected version: >=5.0.0,<=5.3.3|<=4.8.0
Reported by:
GitHub -
[HIGH] Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection
PKSA-m1sp-3j4c-yg88 CVE-2026-41325 GHSA-6gqr-mx34-wh8r
Affected version: >=5.0.0,<5.4.0|<4.9.0
Reported by:
GitHub -
[MEDIUM] Kirby's page creation API bypasses the changeStatus permission check via unfiltered isDraft parameter
PKSA-pyk9-2q1t-drry CVE-2026-40099 GHSA-w942-j9r6-hr6r
Affected version: >=5.0.0,<5.4.0|<4.9.0
Reported by:
GitHub -
[HIGH] Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering
PKSA-w67s-1md9-r7dk CVE-2026-34587 GHSA-jcjw-58rv-c452
Affected version: >=5.0.0,<5.4.0|<4.9.0
Reported by:
GitHub -
[MEDIUM] Kirby has XML injection in its XML creator toolkit
PKSA-rr97-2byk-h46m CVE-2026-32870 GHSA-9wfj-c55w-j9qr
Affected version: >=5.0.0,<5.4.0|<4.9.0
Reported by:
GitHub -
[LOW] Kirby vulnerable to path traversal in the router for PHP's built-in server
PKSA-psph-xw59-snn6 CVE-2025-30207 GHSA-9p3p-w5jf-8xxg
Affected version: >=4.0.0,<4.7.1|>=3.10.0,<3.10.1.2|<3.9.8.3
Reported by:
GitHub -
[MEDIUM] Kirby vulnerable to path traversal of collection names during file system lookup
PKSA-2y53-wq8k-h8qy CVE-2025-31493 GHSA-x275-h9j4-7p4h
Affected version: >=4.0.0,<4.7.1|>=3.10.0,<3.10.1.2|<3.9.8.3
Reported by:
GitHub -
[HIGH] Kirby has insufficient permission checks in the language settings
PKSA-qp36-pv2c-kj8n CVE-2024-41964 GHSA-jm9m-rqr3-wfmh
Affected version: >=4.0.0,<=4.3.0|>=3.10.0,<=3.10.1|>=3.9.0,<=3.9.8.1|>=3.8.0,<=3.8.4.3|>=3.7.0,<=3.7.5.4|<=3.6.6.5
Reported by:
GitHub