A vulnerability marked as critical has been reported in getkirby Kirby up to 4.9.3/5.4.3. This affects the function
request/get/post of the component Http Remote Class. The manipulation of the argument header leads to missing initialization of a variable.
This vulnerability is uniquely identified as CVE-2026-50188. The attack is possible to be carried out remotely. No exploit exists.