{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-29905", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-26T18:31:41.421Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-26T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-26T16:33:00.737Z"}, "descriptions": [{"lang": "en", "value": "Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize() function. When the system attempts to process this file for metadata or thumbnail generation, it triggers a fatal TypeError."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1"}, {"url": "https://drive.google.com/file/d/1MwvvSYIwnC8kOIzjycGMQZw4d2K2ef8h/view?usp=sharing"}, {"url": "https://github.com/Stalin-143/CVE-2026-29905"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-252", "lang": "en", "description": "CWE-252 Unchecked Return Value"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T18:28:04.871948Z", "id": "CVE-2026-29905", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:31:41.421Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-29905", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T18:28:04.871948Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-252", "description": "CWE-252 Unchecked Return Value"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:28:53.512Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1"}, {"url": "https://drive.google.com/file/d/1MwvvSYIwnC8kOIzjycGMQZw4d2K2ef8h/view?usp=sharing"}, {"url": "https://github.com/Stalin-143/CVE-2026-29905"}], "descriptions": [{"lang": "en", "value": "Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize() function. When the system attempts to process this file for metadata or thumbnail generation, it triggers a fatal TypeError."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-26T16:33:00.737Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29905", "state": "PUBLISHED", "dateUpdated": "2026-03-26T18:31:41.421Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-26T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize() function. When the system attempts to process this file for metadata or thumbnail generation, it triggers a fatal TypeError."}, {"lang": "es", "value": "Kirby CMS hasta 5.1.4 permite a un usuario autenticado con permisos de 'Editor' causar una denegaci\u00f3n de servicio (DoS) persistente mediante la carga de una imagen malformada. La aplicaci\u00f3n no valida correctamente el valor de retorno de la funci\u00f3n PHP getimagesize(). Cuando el sistema intenta procesar este archivo para la generaci\u00f3n de metadatos o miniaturas, desencadena un TypeError fatal."}], "id": "CVE-2026-29905", "lastModified": "2026-03-30T13:26:50.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-26T17:16:34.660", "references": [{"source": "[email protected]", "url": "https://drive.google.com/file/d/1MwvvSYIwnC8kOIzjycGMQZw4d2K2ef8h/view?usp=sharing"}, {"source": "[email protected]", "url": "https://github.com/Stalin-143/CVE-2026-29905"}, {"source": "[email protected]", "url": "https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-252"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.1.4]"}}], "enrichment": {"confidence": 75.0, "confidence_source": "inferred", "scores": [{"score": 75.0, "source": "inferred"}, {"score": 88.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "kirby", "vendor": "getkirby"}], "analysis": {"en": {"generated_at": "2026-03-26T20:54:10.630601+00:00", "value": {"mitigation_remediation": ["Upgrade Kirby CMS to version\u202f5.2.0\u2011rc.1 or later.", "If an upgrade is not immediately feasible, block image uploads from Editor accounts until the update is applied.", "Validate image file type and size before processing to avoid malformed files.", "Monitor application logs for fatal TypeError exceptions and restart the service promptly if a DoS occurs."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is Kirby CMS, with all releases up to and including version\u202f5.1.4. No other vendors or product lines are mentioned, and no additional version ranges are provided.", "description_and_impact": "Kirby CMS up to version\u202f5.1.4 fails to validate the return value of PHP's getimagesize() when processing uploaded images. A malformed image can cause a fatal TypeError during metadata or thumbnail generation, resulting in a persistent denial of service that renders the site unavailable until it is restarted. The weakness stems from improper input validation (CWE\u201120) and unchecked return values (CWE\u2011252).", "risk_and_exploitability": "The CVSS base score of\u202f6.5 indicates medium severity. EPSS is not published, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector is the CMS image upload interface, which requires authenticated access with Editor privileges. An attacker possessing such credentials must upload a specifically crafted image; once processed, the fatal error is triggered, causing the service to crash and denying availability for all users."}}}}, "created": "2026-03-27T08:36:26.693673+00:00", "title": "Persistent Denial of Service via Malformed Image Upload in Kirby CMS", "updated": "2026-03-27T09:29:07.705419+00:00", "vendors": ["getkirby", "getkirby$PRODUCT$kirby"]}