{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-42069", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-23T19:17:30.564Z", "datePublished": "2026-05-09T03:35:02.266Z", "dateUpdated": "2026-05-12T18:31:21.175Z"}, "containers": {"cna": {"title": "Kirby: Read access to site, user and role information is not gated by permissions", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-2h7v-4372-f6x2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/getkirby/kirby/security/advisories/GHSA-2h7v-4372-f6x2"}, {"name": "https://github.com/getkirby/kirby/releases/tag/4.9.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/getkirby/kirby/releases/tag/4.9.0"}, {"name": "https://github.com/getkirby/kirby/releases/tag/5.4.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/getkirby/kirby/releases/tag/5.4.0"}], "affected": [{"vendor": "getkirby", "product": "kirby", "versions": [{"version": "< 4.9.0", "status": "affected"}, {"version": ">= 5.0.0, < 5.4.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-05-09T03:37:05.930Z"}, "descriptions": [{"lang": "en", "value": "Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0."}], "source": {"advisory": "GHSA-2h7v-4372-f6x2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-12T13:32:21.385429Z", "id": "CVE-2026-42069", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-12T18:31:21.175Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-42069", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-12T13:32:21.385429Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-12T13:32:32.015Z"}}], "cna": {"title": "Kirby: Read access to site, user and role information is not gated by permissions", "source": {"advisory": "GHSA-2h7v-4372-f6x2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "getkirby", "product": "kirby", "versions": [{"status": "affected", "version": "< 4.9.0"}, {"status": "affected", "version": ">= 5.0.0, < 5.4.0"}]}], "references": [{"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-2h7v-4372-f6x2", "name": "https://github.com/getkirby/kirby/security/advisories/GHSA-2h7v-4372-f6x2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/getkirby/kirby/releases/tag/4.9.0", "name": "https://github.com/getkirby/kirby/releases/tag/4.9.0", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/getkirby/kirby/releases/tag/5.4.0", "name": "https://github.com/getkirby/kirby/releases/tag/5.4.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-05-09T03:37:05.930Z"}}}, "cveMetadata": {"cveId": "CVE-2026-42069", "state": "PUBLISHED", "dateUpdated": "2026-05-12T18:31:21.175Z", "dateReserved": "2026-04-23T19:17:30.564Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-05-09T03:35:02.266Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0."}], "id": "CVE-2026-42069", "lastModified": "2026-05-12T15:37:14.030", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-05-09T04:16:22.297", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/getkirby/kirby/releases/tag/4.9.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/getkirby/kirby/releases/tag/5.4.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/getkirby/kirby/security/advisories/GHSA-2h7v-4372-f6x2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}