CVE-2026-42137
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
May 09, 2026
Vendor
unknown
Description
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API. This issue has been patched in versions 4.9.0 and 5.4.0.