CVE-2026-26980

CRITICAL(9.4)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Risk Signal Score43/100 — MITTEL

CVSS 9.4 — Kritisch
EPSS 63%

Erwähnungen (letzte 60 Tage)

Artikel

EPSS-Score

63%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

9.4

Technische Schwere

Beschreibung

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

GitHub Advisories

GHSA-w52v-v783-gw97CRITICAL

Ghost has a SQL injection in Content API

npm/ghost→ 6.19.1

GitHub Advisory

Referenzen

https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed9...
https://github.com/TryGhost/Ghost/releases/tag/v6.19.1
https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97
https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980/