0x5t4l1n/CVE
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/CVE.git synced 2026-05-26 11:25:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create reported/ directory and move all CVE files into it

Browse Source 
Agent-Logs-Url: https://github.com/Stalin-143/CVE/sessions/60d91e38-5aaf-4d3e-9b6e-5bda848b4d3f

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-05-01 16:40:58 +00:00
committed by GitHub
parent 725ff2c576
commit 528971beb3
3 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
reported/CVE-2026-29905.md
+52
View File
@@ -0,0 +1,52 @@
![CVE](https://img.shields.io/badge/CVE-2026--29905-red)
# CVE-2026-29905 — Kirby CMS Persistent DoS via Malformed Image Upload
> CVE-2026-29905 has been officially published by MITRE.
## Overview
A authenticated user with **Editor** permissions can upload a malformed file with an image extension to cause a persistent Denial of Service in Kirby CMS.
**CVE ID:** CVE-2026-29905
**Affected Version:** Kirby CMS ≤ 5.1.4
**Fixed In:** Kirby CMS 5.2.0-rc.1
**Severity:** Medium
**CWE:** CWE-252 (Unchecked Return Value), CWE-20 (Improper Input Validation)
---
## Description
Kirby processes uploaded image files using PHP's `getimagesize()` function without validating its return value. When a malformed file is uploaded with a valid image extension (e.g. `.jpg`), `getimagesize()` returns `false` instead of an array. The application then triggers a fatal `TypeError` during thumbnail generation or metadata processing.
The crash persists across page reloads until the file is manually removed from the filesystem.
---
## Impact
- Any Editor-role user (non-admin) can trigger the DoS condition.
- Affected pages return HTTP 500 until the file is removed manually.
---
## Fix
Patched in [Kirby CMS 5.2.0-rc.1](https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1).
---
## References
- [CVE-2026-29905 on cve.org](https://www.cve.org/CVERecord?id=CVE-2026-29905)
- [CVE-2026-29905 on NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-29905)
- [GHSA-cw7v-45wm-mcf2](https://github.com/advisories/GHSA-cw7v-45wm-mcf2)
- [PoC Stalin-143/CVE-2026-29905](https://github.com/Stalin-143/CVE-2026-29905)
- [Kirby CMS 5.2.0-rc.1 Release](https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1)
- [Supporting Document (Google Drive)](https://drive.google.com/file/d/1MwvvSYIwnC8kOIzjycGMQZw4d2K2ef8h/view?usp=sharing)
---
## Discoverer
**Stalin S** ([@Stalin-143](https://github.com/Stalin-143))