← voltar
CVE-2026-42174

Kirby: User avatar creation, replacement and deletion are not gated by user update permissions

CVSS 5.3 MEDIUMEPSS 0.2%CWE-862
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
getkirby · kirby

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/getkirby/kirby/releases/tag/4.9.0https://github.com/getkirby/kirby/releases/tag/5.4.0https://github.com/getkirby/kirby/security/advisories/GHSA-39cp-6679-8xv2