CVE-2026-41325 - Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection
CVE ID :CVE-2026-41325 Published : April 24, 2026, 1:16 a.m. | 35 minutes ago Description :Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] CVE-2026-41316 - ERB has an @_init deserialization guard bypass via def_module / def_method / def_class
- [CYBER] CVE-2026-41309 - Open Source Social Network (OSSN) Vulnerable to Resource Exhaustion via Malicious Image Processing
- [CYBER] CVE-2026-41305 - PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
- [CYBER] CVE-2026-40254 - FreeRDP: contains_dotdot() off-by-one allows drive channel path traversal via terminal ..
- [CYBER] CVE-2026-33318 - Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers
- [CYBER] CVE-2026-33317 - OP-TEE: PKCS#11 TA out-of-bounds read and memory disclosure