#External Initialization

Critical Vulnerability in Kirby: External Initialization of the Panel via Reverse Proxy

A critical vulnerability (CVE-2026-54003, CVSS 9.1) in Kirby allows attackers to initialize the Panel on publicly accessible servers behind a reverse proxy, enabling remote admin account creation. Sites with no configured user accounts and specific reverse proxy setups are affected. Immediate action is required to prevent exploitation.