EXECUTIVE SUMMARY:
CVE-2026-34587 with a CVSS score of 7.5 is a Server-Side Template Injection (SSTI) vulnerability via double template resolution in option rendering in the Kirby content management system. Affected software includes the composer/getkirby/cms package, specifically versions prior to 4.9.0 and versions 5.0.0 to 5.4.0. The vulnerability arises from Kirby's user permissions control, which allows authenticated attackers with the `pages.create` permission to bypass normal editorial workflow and create published pages by overriding the `isDraft` flag when creating a new page via the REST API. An attacker can exploit this vulnerability by using user input to inject malicious template commands, which can result in remote code execution on the server, enabling attackers to access protected site information, alter site content, or break site behavior. This vulnerability has a significant business impact, as it allows attackers to compromise the integrity and confidentiality of sensitive data stored in a Kirby site, potentially leading to financial loss, reputational damage, and other consequences. To exploit this vulnerability, an attacker requires either an account in the group of authenticated Panel users or user interaction of another authenticated user.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
CVE-2026-34587 with a CVSS score of 7.5 is a Server-Side Template Injection (SSTI) vulnerability via double template resolution in option rendering in the Kirby content management system. Affected software includes the composer/getkirby/cms package, specifically versions prior to 4.9.0 and versions 5.0.0 to 5.4.0. The vulnerability arises from Kirby's user permissions control, which allows authenticated attackers with the `pages.create` permission to bypass normal editorial workflow and create published pages by overriding the `isDraft` flag when creating a new page via the REST API. An attacker can exploit this vulnerability by using user input to inject malicious template commands, which can result in remote code execution on the server, enabling attackers to access protected site information, alter site content, or break site behavior. This vulnerability has a significant business impact, as it allows attackers to compromise the integrity and confidentiality of sensitive data stored in a Kirby site, potentially leading to financial loss, reputational damage, and other consequences. To exploit this vulnerability, an attacker requires either an account in the group of authenticated Panel users or user interaction of another authenticated user.[emaillocker id="1283"]
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-jcjw-58rv-c452