A vulnerability labeled as problematic has been found in getkirby Kirby up to 4.9.3/5.4.3. The impacted element is the function find of the file /api/site/find of the component Page Access Control. Executing a manipulation of the argument ID can lead to improper authorization.

This vulnerability is handled as CVE-2026-54005. The attack can be executed remotely. There is not any exploit available.