Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a…
mitre·CWE-20·Published 2026-03-26
Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize() function. When the system attempts to process this file for metadata or thumbnail generation, it triggers a fatal TypeError.
### Duplicate Advisory

This advisory has been withdrawn because it has been determined not to be a vulnerability. This link is maintained to preserve external references.

### Original Description

## Summary

Kirby CMS through version 5.1.4 allows an authenticated user with Editor permissions to cause a persistent Denial of Service (DoS) via a malformed image upload.

## Details

The vulnerability is caused by improper validation of the return value of PHP's `getimagesize()` function. When a malformed file is uploaded with a valid image extension (e.g., `.jpg`), the function returns `false` instead of the expected array. The application fails to handle this condition and proceeds with image processing, resulting in a fatal `TypeError`. This leads to persistent application crashes whenever the affected file is accessed.

## Impact

- Persistent Denial of Service (DoS)
- Affected pages return HTTP 500 errors
- Requires manual removal of the malformed file to restore functionality
- Exploitable by authenticated users with Editor permissions

## Identifiers

- CVE-2026-29905

## Resources

- https://github.com/github/advisory-database/pull/7503
- https://github.com/Stalin-143/CVE-2026-29905
- https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1
- https://www.cve.org/CVERecord?id=CVE-2026-29905
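The failure mode described in the advisory, as an added PHP example that is not Kirby's own code: a helper that destructures the `getimagesize()` result without checking it, beside one that rejects any file the function cannot parse before processing continues. The function names and the two constructed sample files are this example's own assumptions.

```php
<?php
declare(strict_types=1);
// Added example (not Kirby code): an unchecked getimagesize() result turns a
// non-image upload into a fatal TypeError; validating it rejects the file cleanly.

function scale(int $width, int $height, int $maxWidth): array
{
    $ratio = min(1.0, $maxWidth / $width);
    return [(int) round($width * $ratio), (int) round($height * $ratio)];
}

// Vulnerable pattern: trusts getimagesize(). For a file it cannot parse the
// function returns false; false[0] yields null (with a warning), and passing
// null to an int parameter under strict_types throws TypeError on every request.
function thumbnailSizeUnchecked(string $path, int $maxWidth): array
{
    $info = getimagesize($path);
    return scale($info[0], $info[1], $maxWidth);
}

// Hardened pattern: check the return value, the detected MIME type and the
// dimensions before use. Running this at upload time keeps an unparsable file
// out of the media store, so no later metadata or thumbnail step can crash.
function thumbnailSizeChecked(string $path, int $maxWidth): array
{
    $info = getimagesize($path);            // false for anything it cannot parse
    if ($info === false || strncmp($info['mime'] ?? '', 'image/', 6) !== 0
        || $info[0] < 1 || $info[1] < 1) {
        throw new InvalidArgumentException('rejected: not a parsable image: ' . basename($path));
    }
    return scale($info[0], $info[1], $maxWidth);
}

// Constructed inputs: deterministic junk bytes with a .jpg extension, and a
// minimal 3x2 GIF header (signature, width, height, flags, trailer).
$dir  = sys_get_temp_dir();
$junk = "$dir/constructed-junk.jpg";
$gif  = "$dir/constructed-tiny.gif";
file_put_contents($junk, str_repeat("not-an-image\x00", 8));
file_put_contents($gif, "GIF89a" . pack('vv', 3, 2) . "\x00\x00\x00;");

foreach (['thumbnailSizeUnchecked', 'thumbnailSizeChecked'] as $fn) {
    foreach ([$gif, $junk] as $file) {
        try {
            printf("%-23s %-22s -> %s\n", $fn, basename($file), json_encode($fn($file, 2)));
        } catch (TypeError $e) {
            printf("%-23s %-22s -> fatal TypeError (HTTP 500 on a live site)\n", $fn, basename($file));
        } catch (InvalidArgumentException $e) {
            printf("%-23s %-22s -> %s\n", $fn, basename($file), $e->getMessage());
        }
    }
}
unlink($junk);
unlink($gif);
```

The unchecked helper handles the tiny GIF but dies with a TypeError on the junk file; the checked helper throws a catchable exception instead, which an upload handler can turn into a 4xx rejection rather than a persistent 500.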
| CVSS Version | Type | Source | Base Score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 6.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | Secondary | NVD | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | Secondary | GHSA | 6.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |