CVE-2026-21896
MEDIUM 5.7
Description
Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific role(s) from performing write actions, specifically by disabling the update permission with the intent to prevent modifications to site content. This vulnerability does not affect sites that have not deviated from the default user permissions. This issue has been patched in version 5.2.2.
CVE Details
CVSS v3.1 Score: 5.7
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Published: 1/8/2026
Last Modified: 2/2/2026
Source: nvd
Honeypot Sightings: 0
Affected Products
getkirby:kirby
Weaknesses (CWE)
CWE-863
References
https://github.com/getkirby/kirby/commit/f5ce1347b427b819bf193acf11fd0da232f7af47 (security-advisories@github.com)
https://github.com/getkirby/kirby/releases/tag/5.2.2 (security-advisories@github.com)
https://github.com/getkirby/kirby/security/advisories/GHSA-4j78-4xrm-cr2f (security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.