CVE-2026-50188 in Kirbyinfo

Zusammenfassung

von MITRE • 09.07.2026

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request(), Remote::get(), and Remote::post(), to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters in a header value to inject a separate unintended request header to the remote service. This issue is fixed in versions 4.9.4 and 5.4.4.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

GitHub M

Reservieren

04.06.2026

Veröffentlichung

09.07.2026

Moderieren

akzeptiert

Eintrag

VDB-377298

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Do you know our Splunk app?

Download it now for free!