A vulnerability identified as problematic has been detected in getkirby Kirby up to 4.9.0/5.4.0. The impacted element is the function
password/loginPasswordless/root/delete of the component Collection Queries. The manipulation of the argument model leads to password hash with insufficient computational effort.
This vulnerability is documented as CVE-2026-44174. The attack can be initiated remotely. There is not any exploit available.