Kirby

5 CVEs product


CVE-2026-21896 MEDIUM PATCH This Month

Kirby CMS versions 5.0.0-5.2.1 fail to enforce permission checks in the content changes API, allowing authenticated users with restricted roles to modify site content despite having update permissions disabled. This affects only installations with custom permission configurations designed to prevent write access for specific user roles. A patch is available in version 5.2.2.

Authentication Bypass Kirby
NVD GitHub
CVSS 3.1: 5.7
EPSS: 0.0%
CVE-2025-65012 MEDIUM PATCH This Month

Kirby is an open-source content management system. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable with low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kirby
NVD GitHub
CVSS 4.0: 5.1
EPSS: 0.1%
CVE-2025-31493 MEDIUM PATCH This Month

Kirby is an open-source content management system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

PHP Path Traversal Kirby
NVD GitHub
CVSS 4.0: 6.3
EPSS: 0.8%
CVE-2025-30207 LOW PATCH Monitor

Kirby is an open-source content management system. Rated low severity (CVSS 2.3), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Nginx Apache PHP Path Traversal Kirby
NVD GitHub
CVSS 4.0: 2.3
EPSS: 0.6%
CVE-2025-30159 MEDIUM POC PATCH This Month

Kirby is an open-source content management system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Kirby
NVD GitHub
CVSS 4.0: 6.3
EPSS: 0.9%
