CVE-2026-41325: Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection

Description

Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection

Ghostwire Analysis — What This Means Practically

Exploitation Probability (EPSS): Low — 0.03% (9th percentile)

Low exploitation probability based on current threat landscape data. Standard patching timeline is appropriate.

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.
1 proof-of-concept exploit available on GitHub. Public exploit code lowers the barrier for both researchers and attackers.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

CVE-2026-41325: Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection

Description

Ghostwire Analysis — What This Means Practically

Proof-of-Concept Exploits (1)

Security Coverage (1 articles)

References