CVE-2026-54002
GetKirby · Kirby
Kirby CMS is affected by multiple Cross-Site Scripting (XSS) vulnerabilities, allowing authenticated users with lower privileges to execute malicious scripts in the administrative interface.
Executive summary
Multiple XSS vulnerabilities in the Kirby CMS administrative interface could allow an authenticated attacker to execute arbitrary scripts, potentially leading to full administrative compromise.
Vulnerability
These vulnerabilities (CWE-79, CWE-87) involve the improper neutralization of input during web page generation. The attack requires the user to be authenticated, specifically leveraging the application's input handling mechanisms to execute malicious JavaScript.
Business impact
Successful exploitation allows an attacker to perform actions on behalf of administrators, potentially leading to the creation of new accounts, modification of site content, or theft of sensitive administrative session tokens. With a CVSS score of 8.5, the risk is substantial for organizations relying on Kirby for content management, as it undermines the security of the administrative dashboard.
Remediation
Immediate Action: Update Kirby CMS to version 4.9.4 or 5.4.4, depending on the current branch in use, to apply the necessary security fixes.
Proactive Monitoring: Monitor administrative user activity for suspicious script injections or unauthorized configuration changes within the Kirby panel.
Compensating Controls: Use a Web Application Firewall (WAF) to filter and block common XSS payloads directed at the administrative panel.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Administrators must verify their current version of Kirby and perform the required update to either 4.9.4 or 5.4.4 immediately. Given that this vulnerability allows for administrative-level impact, patching is essential to prevent potential site defacement or full takeover of the CMS.