CVE-2026-44175

getkirby · kirby

A Cross-site Scripting vulnerability in the Kirby CMS allows authenticated attackers with low privileges to execute malicious scripts.

Executive summary

Kirby CMS contains a Cross-site Scripting vulnerability that permits authenticated attackers to compromise user sessions or sensitive data.

Vulnerability

This is a Cross-site Scripting (CWE-79) vulnerability where improper input neutralization allows for the injection of scripts. The attack requires an authenticated user with low privileges and relies on user interaction to execute the payload.

Business impact

Successful exploitation can result in the theft of administrative session cookies, unauthorized modification of web content, or the redirection of users to malicious sites. With a CVSS score of 8.5, this vulnerability represents a high risk to user data confidentiality and the overall integrity of the content management platform.

Remediation

Immediate Action: Update the Kirby CMS installation to version 4.9.1 or 5.4.1, depending on the currently deployed major release branch.

Proactive Monitoring: Monitor site traffic for unusual redirect patterns or the presence of unexpected script tags within user-generated content or administrative dashboards.

Compensating Controls: Deploy a Web Application Firewall with robust XSS filtering rules to inspect and sanitize incoming requests for malicious script injection attempts.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

Administrators should verify their current version of Kirby and apply the relevant security update immediately. Given the high impact of XSS on CMS platforms, patching is the only reliable method to eliminate the injection vector.