CVE-2026-42137
MEDIUM6.5CVSS v3
—CVSS v2
0.01%
EPSS (exploit probability)
CWE-862CWE
Description
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API. This issue has been patched in versions 4.9.0 and 5.4.0.
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected routers (0)
No routers currently mapped to this CVE in our database.