{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T04:22:52.240","vulnerabilities":[{"cve":{"id":"CVE-2026-21896","sourceIdentifier":"security-advisories@github.com","published":"2026-01-08T18:15:59.593","lastModified":"2026-02-02T19:02:51.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific role(s) from performing write actions, specifically by disabling the update permission with the intent to prevent modifications to site content. This vulnerability does not affect those who have not altered the deviated from default user permissions. This issue has been patched in version 5.2.2."},{"lang":"es","value":"Kirby es un sistema de gestión de contenido de código abierto. Desde las versiones 5.0.0 hasta la 5.2.1, Kirby carece de comprobaciones de permisos en la API de cambios de contenido. Esta vulnerabilidad afecta a todos los sitios de Kirby donde los permisos de usuario están configurados para evitar que rol(es) específico(s) realicen acciones de escritura, específicamente deshabilitando el permiso de actualización con la intención de prevenir modificaciones al contenido del sitio. Esta vulnerabilidad no afecta a aquellos que no han alterado los permisos de usuario predeterminados. Este problema ha sido parcheado en la versión 5.2.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.2.2","matchCriteriaId":"E9AE695A-D212-4B4E-B595-71C44FE6EE2A"}]}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/f5ce1347b427b819bf193acf11fd0da232f7af47","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/getkirby/kirby/releases/tag/5.2.2","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-4j78-4xrm-cr2f","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}}]}