CVE-2026-44174

GetKirby · Kirby

The Kirby content management system is vulnerable to unsafe reflection, allowing authenticated users to trigger unintended code execution or select arbitrary classes.

Executive summary

An unsafe reflection vulnerability in the Kirby content management system allows authenticated users to potentially execute arbitrary code, posing a significant risk to site integrity.

Vulnerability

This vulnerability involves the use of externally controlled input to select classes or code, known as unsafe reflection (CWE-470). It requires the attacker to be authenticated to the Kirby administration interface to trigger the flaw.

Business impact

The CVSS score of 8.7 highlights the severity of this issue. An attacker with administrative or user-level access could leverage this flaw to gain unauthorized code execution on the server, leading to complete site takeover, data exfiltration, or defacement, which directly threatens business continuity and brand reputation.

Remediation

Immediate Action: Upgrade to Kirby version 4.9.1 or 5.4.1 immediately to resolve the unsafe reflection vulnerability.

Proactive Monitoring: Monitor site activity logs for anomalous requests to administrative endpoints or unexpected server-side errors that may indicate exploitation attempts.

Compensating Controls: Restrict access to the Kirby administration panel to known, trusted IP addresses and implement a WAF to inspect incoming traffic for malicious input patterns.

Exploitation status

Public Exploit Available: Unknown.

Analyst recommendation

Administrators must treat this as a high-priority update. Upgrading to the patched versions is the only reliable way to prevent potential remote code execution via the reflection flaw, and this should be performed during the next maintenance window or immediately for high-exposure environments.