CVE-2026-49274
Gravedad CVSS v4.0:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
09/07/2026
Última modificación:
09/07/2026
Descripción
*** Pendiente de traducción *** Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the pages field with roles that have the pages.access permission disabled allowed authenticated users to provide an inaccessible parent page or site to the page picker backend and confirm arbitrary page existence and retrieve title field values. This issue is fixed in versions 4.9.4 and 5.4.4.
Impacto
Puntuación base 4.0
5.30
Gravedad 4.0
MEDIA
Referencias a soluciones, herramientas e información
- https://github.com/getkirby/kirby/commit/1ae575da24e1b1cb8803a031d37eff14606d7c55
- https://github.com/getkirby/kirby/commit/3bad37117adf2013548a784f820ddb2d8317333c
- https://github.com/getkirby/kirby/commit/3f4398cdcf9f50f84fdac52ad78a7a85fb31589f
- https://github.com/getkirby/kirby/commit/bffffce6c081f69c46163cc89b1fd18ccf2a18d1
- https://github.com/getkirby/kirby/releases/tag/4.9.4
- https://github.com/getkirby/kirby/releases/tag/5.4.4
- https://github.com/getkirby/kirby/security/advisories/GHSA-23q2-54qv-rq5x



