Kirby CMS's system API endpoint leaks installed version and license data to authenticated users — CVE-2026-42051
GitHub · GitHub · CVE-2026-42051
ID
CVE-2026-42051
CVE-2026-42051
Date
Updated
Activity
Source
GitHub
GitHub
Vendor
GitHub
GitHub
Threat
medium
medium
CVSS
5.3
5.3
EPSS
0.00036
0.00036
Summary
### TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. ---- ### Introduction Missing authorization allows authenticated users to perform actions they are not intended to have access to. The effects of missing authorization can include unauthorized access to sensitive information as well as unauthorized changes to content or system…
Product
composer: getkirby/cms
What to do
General, cautious steps (verify details in the official source):
- Review exposure and plan remediation based on risk and environment.
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.