{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-29905", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-26T18:31:41.421Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-26T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-26T16:33:00.737Z"}, "descriptions": [{"lang": "en", "value": "Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize() function. When the system attempts to process this file for metadata or thumbnail generation, it triggers a fatal TypeError."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1"}, {"url": "https://drive.google.com/file/d/1MwvvSYIwnC8kOIzjycGMQZw4d2K2ef8h/view?usp=sharing"}, {"url": "https://github.com/Stalin-143/CVE-2026-29905"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-252", "lang": "en", "description": "CWE-252 Unchecked Return Value"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T18:28:04.871948Z", "id": "CVE-2026-29905", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:31:41.421Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-29905", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T18:28:04.871948Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-252", "description": "CWE-252 Unchecked Return Value"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:28:53.512Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1"}, {"url": "https://drive.google.com/file/d/1MwvvSYIwnC8kOIzjycGMQZw4d2K2ef8h/view?usp=sharing"}, {"url": "https://github.com/Stalin-143/CVE-2026-29905"}], "descriptions": [{"lang": "en", "value": "Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize() function. When the system attempts to process this file for metadata or thumbnail generation, it triggers a fatal TypeError."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-26T16:33:00.737Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29905", "state": "PUBLISHED", "dateUpdated": "2026-03-26T18:31:41.421Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-26T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*", "matchCriteriaId": "F945B156-7930-45BD-9368-44FCBA294E09", "versionEndIncluding": "5.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize() function. When the system attempts to process this file for metadata or thumbnail generation, it triggers a fatal TypeError."}, {"lang": "es", "value": "Kirby CMS hasta 5.1.4 permite a un usuario autenticado con permisos de 'Editor' causar una denegaci\u00f3n de servicio (DoS) persistente mediante la carga de una imagen malformada. La aplicaci\u00f3n no valida correctamente el valor de retorno de la funci\u00f3n PHP getimagesize(). Cuando el sistema intenta procesar este archivo para la generaci\u00f3n de metadatos o miniaturas, desencadena un TypeError fatal."}], "id": "CVE-2026-29905", "lastModified": "2026-04-02T17:28:02.250", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-26T17:16:34.660", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://drive.google.com/file/d/1MwvvSYIwnC8kOIzjycGMQZw4d2K2ef8h/view?usp=sharing"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/Stalin-143/CVE-2026-29905"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-252"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.1.4]"}}], "enrichment": {"confidence": 75.0, "confidence_source": "inferred", "scores": [{"score": 75.0, "source": "inferred"}, {"score": 88.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "kirby", "vendor": "getkirby"}], "analysis": {"en": {"generated_at": "2026-04-02T22:16:56.514120+00:00", "value": {"mitigation_remediation": ["Upgrade Kirby CMS to version 5.2.0-rc.1 or newer. ", "Ensure that only trusted users are granted Editor or higher permissions. ", "Monitor server logs for repeated TypeError entries and application crashes. ", "If upgrading is not immediately possible, temporarily disable image upload functionality or restrict it to trusted IP ranges. ", "Apply a custom PHP check to validate getimagesize() return values before proceeding with thumbnail or metadata generation."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All installations of Kirby CMS 5.1.4 and earlier run this vulnerability. The issue is fixed in release 5.2.0-rc.1, so any system running that version or later is not susceptible to the weakness described.", "description_and_impact": "Kirby CMS versions up to 5.1.4 are affected by a flaw that allows an authenticated user with Editor rights to trigger a persistent Denial of Service by uploading a specially crafted image. The vulnerability occurs because the application does not validate the return value of PHP\u2019s getimagesize() function; when the image is processed for metadata or thumbnail creation, a fatal TypeError is raised, halting the request and potentially bringing the entire site offline.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a moderate severity, but the EPSS indicates an extremely low exploitation probability (<1%). The vulnerability is not listed in CISA\u2019s KEV catalog. Attack requires an authenticated Editor user with permission to upload images; an attacker with this privilege can repeatedly trigger a crash, leading to prolonged downtime. Because the exploit is limited to internal authenticated users, external attackers cannot directly use it unless they gain account credentials."}}}}, "created": "2026-03-27T08:36:26.693673+00:00", "updated": "2026-04-03T09:39:00.284154+00:00", "vendors": ["getkirby", "getkirby$PRODUCT$kirby"]}