Package impact
COMPOSER / getkirby/cms
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-45368 | high | — | 8.0 | 1d ago | Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend | |
| CVE-2026-44177 | high | — | 8.0 | 2d ago | Kirby CMS has pre-authentication path traversal and PHP file inclusion during user lookup | |
| CVE-2026-44175 | high | — | 8.0 | 2d ago | Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in the site frontend | |
| CVE-2026-44174 | high | — | 8.0 | 2d ago | Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query Endpoints | |
| CVE-2026-34587 | high | — | 8.0 | 1mo ago | Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering |