PT-2026-34818 · Kirby · Kirby

Offset · Published 2026-04-24 · Updated 2026-04-29 · CVE-2026-41325

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 4.9.0; Kirby versions prior to 5.4.0

Description: Kirby is an open-source content management system in which user permissions and model blueprint options together control authorization for actions such as pages.create, files.create, and users.create. A flaw allowed these permissions to be overridden during the creation of pages, files, and users by injecting custom dynamic blueprint configuration into the model data. By injecting options containing 'create' => true, an attacker could bypass the authorization settings that the site developer had configured in the user and model blueprints.

Recommendations: Update to version 4.9.0 or newer. Update to version 5.4.0 or newer.
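The bug class described above is a policy object (the blueprint) being assembled partly from request-controlled data before the authorization decision is made. The PHP sketch below is an added illustration, not Kirby's code and not its API: the blueprint, the role permissions, the request payload and the function names (canCreateVulnerable, canCreateHardened) are all constructed for this example. It places the vulnerable merge pattern beside a hardened version that takes only an allowlist of content fields from the request and reads the create option solely from the server-side blueprint.

```php
<?php
// Added example, not Kirby's own code. Models the advisory's bug class:
// the "create" authorization is read from a blueprint, and a vulnerable
// implementation lets request data overwrite that blueprint before the check.

declare(strict_types=1);

// Constructed blueprint: the site developer has disabled creation.
const PAGE_BLUEPRINT = [
    'name'    => 'article',
    'options' => ['create' => false],
];

// Constructed role permissions for the acting user (hypothetical shape).
const EDITOR_PERMISSIONS = ['pages' => ['create' => true]];

/**
 * Vulnerable pattern: request data is merged recursively into the model
 * definition before authorization, so a request carrying
 * 'blueprint' => ['options' => ['create' => true]] rewrites the policy.
 */
function canCreateVulnerable(array $blueprint, array $perms, array $requestData): bool
{
    $model  = array_replace_recursive(['blueprint' => $blueprint], $requestData);
    $option = $model['blueprint']['options']['create'] ?? true;
    $perm   = $perms['pages']['create'] ?? false;
    return $perm && $option;
}

/**
 * Hardened pattern: only an allowlist of content fields is accepted from the
 * request; the blueprint and its options come solely from the server side.
 * Unexpected keys are rejected (and logged) rather than silently dropped,
 * so override attempts remain visible to operators.
 */
function canCreateHardened(array $blueprint, array $perms, array $requestData): bool
{
    $allowed    = ['title', 'slug', 'content'];
    $unexpected = array_diff(array_keys($requestData), $allowed);
    if ($unexpected !== []) {
        error_log('rejected unexpected model keys: ' . implode(',', $unexpected));
        return false;
    }
    $option = $blueprint['options']['create'] ?? true;
    $perm   = $perms['pages']['create'] ?? false;
    return $perm && $option;
}

/**
 * Runs both checks against a constructed request that carries the kind of
 * override the advisory describes, and returns the two decisions.
 */
function compareDecisions(): array
{
    $request = [
        'title'     => 'Hello',
        'blueprint' => ['options' => ['create' => true]],  // constructed override attempt
    ];
    return [
        'vulnerable' => canCreateVulnerable(PAGE_BLUEPRINT, EDITOR_PERMISSIONS, $request),
        'hardened'   => canCreateHardened(PAGE_BLUEPRINT, EDITOR_PERMISSIONS, $request),
    ];
}

var_dump(compareDecisions());
```

The design point is that the policy source and the data source must never be the same array: anything that reaches the authorization check from the request body should pass through an explicit allowlist of content fields, and the decision should be computed from the server-held blueprint and the user's role alone.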

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2026-41325
GHSA-6GQR-MX34-WH8R

Affected Products

Kirby