Home / Vulnerability Intelligence / CVE-2026-29905

CVE-2026-29905 - Vulnerability Analysis

MediumCVSS: 6.5

Last Updated: March 26, 2026

Kirby CMS - Denial of Service

Published: March 26, 2026Updated: March 26, 2026PoC AvailableRemote Exploitable

Overview

Kirby CMS through 5.1.4 contains a denial of service caused by improper validation of the PHP getimagesize() return value during image upload, letting authenticated users with Editor permissions cause persistent DoS.

Severity & Score

Severity: Medium

CVSS Score: 6.5

Impact

Authenticated users with Editor permissions can cause persistent denial of service, disrupting application availability.

Mitigation

Update to the latest version beyond 5.1.4.

References

https://drive.google.com/file/d/1MwvvSYIwnC8kOIzjycGMQZw4d2K2ef8h/view?usp=sharing
https://github.com/Stalin-143/CVE-2026-29905
https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-29905
Severity: Medium
CVSS Score: 6.5
Type: denial_of_service
Status: new

CWE

CWE-20

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H