getkirby kirby

42 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-42174
< 4.9.0
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deleti
4.3 MEDIUM
CVE-2026-42137
< 4.9.0
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, pages.access/list and files.access/list
6.5 MEDIUM
CVE-2026-42069
< 4.9.0
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role informati
6.5 MEDIUM
CVE-2026-42051
< 4.9.0
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data a
4.3 MEDIUM
CVE-2026-41325
< 4.9.0
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific
8.8 HIGH
CVE-2026-40099
< 4.9.0
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific
6.5 MEDIUM
CVE-2026-34587
< 4.9.0
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user
8.1 HIGH
CVE-2026-32870
< 4.9.0
Kirby is an open-source content management system. Kirby's Xml::value() method has special handling for <![CDATA[ ]]> blocks.
7.5 HIGH
CVE-2026-29905
<= 5.1.4
Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a
6.5 MEDIUM
CVE-2026-21896
>= 5.0.0 and < 5.2.2
Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content
5.7 MEDIUM
CVE-2025-65012
>= 5.0.0 and < 5.1.4
Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or t
5.4 MEDIUM
CVE-2025-31493
< 3.9.8.3
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all K
9.1 CRITICAL
CVE-2025-30207
< 3.9.8.3
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all K
7.5 HIGH
CVE-2025-30159
< 3.9.8.3
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all K
9.1 CRITICAL
CVE-2024-41964
< 3.6.6.6
Kirby is a CMS targeting designers and editors. Kirby allows restricting the permissions of specific user roles. Users of that rol
8.1 HIGH
CVE-2024-27087
>= 4.0.0 and < 4.1.1
Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each valid
4.6 MEDIUM
CVE-2024-26484
all versions
A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execut
6.1 MEDIUM
CVE-2024-26483
< 3.6.6.5
An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code
8.8 HIGH
CVE-2024-26482
all versions
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the signif
7.1 HIGH
CVE-2024-26481
< 3.6.6.5
Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.
4.7 MEDIUM
CVE-2023-38492
>= 3.5.0 and < 3.5.8.3
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects a
5.3 MEDIUM
CVE-2023-38491
>= 3.5.0 and < 3.5.8.3
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects a
5.7 MEDIUM
CVE-2023-38490
>= 3.5.0 and < 3.5.8.3
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affe
6.8 MEDIUM
CVE-2023-38489
>= 3.5.0 and < 3.5.8.3
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects a
7.3 HIGH
CVE-2023-38488
>= 3.5.0 and < 3.5.8.3
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects a
7.1 HIGH
CVE-2022-39315
< 3.5.8.2
Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability aff
6.5 MEDIUM
CVE-2022-39314
< 3.5.8.2
Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to I
3.7 LOW
CVE-2022-36037
< 3.5.8.1
Kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cr
5.9 MEDIUM
CVE-2018-14520
all versions
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into a
5.4 MEDIUM
CVE-2018-14519
all versions
An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a mal
4.3 MEDIUM
CVE-2021-41258
>= 3.5.0 and <= 3.5.7.1
Kirby is an open source file structured CMS. In affected versions Kirby's blocks field stores structured data for each block. This
7.3 HIGH
CVE-2021-41252
>= 3.5.0 and <= 3.5.7.1
Kirby is an open source file structured CMS. Impact: Kirby's writer field stores its formatted content as HTML code. Unlike with
7.3 HIGH
CVE-2021-32735
< 3.5.7
Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's ListItem component (used in the pages a
7.1 HIGH
CVE-2021-29460
< 3.5.4
Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content l
7.6 HIGH
CVE-2020-26255
< 3.4.5
Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14, an editor with full acce
6.8 MEDIUM
CVE-2020-26253
< 3.3.6
Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability i
6.8 MEDIUM
CVE-2018-16624
all versions
panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page.
5.4 MEDIUM
CVE-2018-16623
all versions
Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown.
4.8 MEDIUM
CVE-2018-16630
all versions
Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.
4.8 MEDIUM
CVE-2018-16627
all versions
panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.
6.1 MEDIUM
CVE-2018-16628
all versions
panel/login in Kirby v2.5.12 allows XSS via a blog name.
5.4 MEDIUM
CVE-2015-7773
<= 2.1.1
Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated u
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin