From 4713ee1db885c322ffc0bf2e88912733903e88b2 Mon Sep 17 00:00:00 2001 From: Stalin <161853795+Stalin-143@users.noreply.github.com> Date: Thu, 26 Mar 2026 21:47:17 +0530 Subject: [PATCH] Update README.md --- README.md | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fc968be..5dc491c 100644 --- a/README.md +++ b/README.md @@ -1 +1,38 @@ -# CVE-2026-29905 \ No newline at end of file +# CVE-2026-29905 — Kirby CMS Persistent DoS via Malformed Image Upload + +## Overview + +A authenticated user with **Editor** permissions can upload a malformed file with an image extension to cause a persistent Denial of Service in Kirby CMS. + +**CVE ID:** CVE-2026-29905 +**Affected Version:** Kirby CMS ≤ 5.1.4 +**Fixed In:** Kirby CMS 5.2.0-rc.1 +**Severity:** Medium +**CWE:** CWE-252 (Unchecked Return Value), CWE-20 (Improper Input Validation) + +--- + +## Description + +Kirby processes uploaded image files using PHP's `getimagesize()` function without validating its return value. When a malformed file is uploaded with a valid image extension (e.g. `.jpg`), `getimagesize()` returns `false` instead of an array. The application then triggers a fatal `TypeError` during thumbnail generation or metadata processing. + +The crash persists across page reloads until the file is manually removed from the filesystem. + +--- + +## Impact + +- Any Editor-role user (non-admin) can trigger the DoS condition. +- Affected pages return HTTP 500 until the file is removed manually. + +--- + +## Fix + +Patched in [Kirby CMS 5.2.0-rc.1](https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1). + +--- + +## Discoverer + +**Stalin S** ([@Stalin-143](https://github.com/Stalin-143))
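Review bot: In the Overview paragraph, "A authenticated user" should read "An authenticated user". The metadata block from `**CVE ID:**` through `**CWE:**` is written as consecutive plain lines, which Markdown joins into a single paragraph unless each line ends in a hard break; making them list items would not depend on trailing whitespace. The Impact section says affected pages return HTTP 500 until the file is removed manually, but the Fix section only links the 5.2.0-rc.1 release. It would help defenders to state whether upgrading alone restores pages that already contain a malformed upload or whether the file still has to be deleted, and to note how an administrator can locate the offending file. "Severity: Medium" is given without a CVSS vector or a reference to a vendor advisory, so a reader cannot check the rating. The subject "Update README.md" also says nothing about the change; something like "Add advisory write-up for CVE-2026-29905" would make the history searchable.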