cvedb.io
CVE-2026-41325
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2026-04-24T01:16:12.427 · Last modified 2026-06-17T10:46:30.697

Summary

Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint (`site/blueprints/users/...`). It is also possible to customize the permissions for each target model in the model blueprints (such as in `site/blueprints/pages/...`) using the `options` feature. The permissions and options together control the authorization of user actions. Kirby provides the `pages.create`, `files.create` and `users.create` permissions (among others). These permissions can again be set in the user blueprint and/or in the blueprint of the target model via `options`. Prior to versions 4.9.0 and 5.4.0, Kirby allowed to override the `options` d

Affected products

getkirby — kirby

Does this affect you?

Add your gear to cvedb and we'll alert you only when getkirby ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.