AI description
CVE-2026-26980 is a SQL injection vulnerability found in Ghost, a Node.js content management system. This flaw specifically affects the Content API's slug filter ordering functionality. It allows unauthenticated attackers to perform arbitrary reads from the database. The vulnerability impacts Ghost versions 3.24.0 through 6.19.0. Exploitation of this issue could lead to the extraction of sensitive data, including user credentials, authentication tokens, and site content. A fix for this vulnerability has been released in Ghost version 6.19.1.
- Description: Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
- Source: security-advisories@github.com
- NVD status: Modified
- Products: ghost
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
- security-advisories@github.com: CWE-89
- Hype score: Not currently trending
Critical SQL injection vulnerability in Ghost CMS exploited to compromise 700 sites, including Harvard and Oxford, with ClickFix attacks ID: CVE-2026-26980 Severity: 9.4 (CVSS) - Critical Versions: Ghost 3.24.0 - 6.19.0 Fix: Upg
@KasperskyDev
7 Jun 2026
105 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
The Ghost CMS vulnerability CVE-2026-26980 was exploited to take over more than 700 sites to carry out ClickFix attacks. This is a reminder that digital security must be a priority for everyone. Ghost CMS CVE-2026-26980 h
@fad_777
31 May 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks: https://t.co/MHnhMJltdf #cms #informationsecurity #cve #threathunting #exploitation #exploit https://t.co/qOeS5Zl5xk
@blackstormsecbr
29 May 2026
142 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 SQL injection vulnerability in Ghost CMS exploited to poison 700+ sites as part of an active ClickFix campaign ID: CVE-2026-26980 Severity: 9.4 (CVSS) - Critical Affected versions: Ghost 3.24.0 - 6.19.0 Fix: Upgrade to G
@KasperskyDev
27 May 2026
202 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Over 700 websites hijacked via Ghost CMS vulnerability CVE-2026-26980. Ensure your site is secure by updating to version 6.19.1. Link: https://t.co/DbZMNnn4G5 #CyberSecurity #GhostCMS #Vulnerability #CVE #Exploitation #Hacking #Malware #Website #Security #Update #Patch
@dailytechonx
26 May 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - vognik/CVE-2026-26980: 💣 Exploit for CVE-2026-26980 — 👻 Ghost CMS Unauthenticated SQLi via Content API · GitHub https://t.co/Wdj8WyJL4G
@akaclandestine
26 May 2026
2933 Impressions
12 Retweets
34 Likes
25 Bookmarks
0 Replies
0 Quotes
Attackers are exploiting the patched Ghost CMS flaw CVE-2026-26980, compromising over 700 unpatched sites, including universities. https://t.co/91LKBsoojn #GhostCMS #CVE #Vulnerability #CyberSecurity #CybersecurityNews #threatresq #ThreatResQ
@ThreatResq
26 May 2026
66 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks https://t.co/dQRXiF9XV4
@TechNowPulse
25 May 2026
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2026-26980: Ghost CMS SQL injection exploited to hijack 700+ sites for ClickFix attacks. Attackers are stealing Admin API keys, modifying articles, and injecting malicious JavaScript loaders. https://t.co/yHtvwvuuvs #GhostCMS #CVE #SQLInjection #ClickFix #CyberSecurity
@vulert_official
25 May 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📡 Observed: Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks Critical CVE / Exploit: Threat actors are exploiting a re... https://t.co/FDj0PIql5z #CVE #CyberSecurity #SecurityAlert #DataProtection
@MyDooM15
25 May 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks ... Read more ...
@TheRabbitPy
25 May 2026
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks ... Read more ...
@TheRabbitPy
25 May 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks https://t.co/xJHzCOxYZB
@DeepBlueInfoSec
25 May 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks - https://t.co/foDKxhV5W9
@florian0707
25 May 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks https://t.co/iVWkyulvOc
@JedisecX
25 May 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks https://t.co/SG4cEQ15Vg
@TheCyberSecHub
25 May 2026
517 Impressions
0 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-49113 2 - CVE-2026-26980 3 - CVE-2026-31635 4 - CVE-2026-34908 5 - CVE-2026-42897 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
25 May 2026
154 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers exploit CVE-2026-26980 SQL injection flaw in Ghost CMS to inject malicious JavaScript triggering ClickFix campaigns. https://t.co/2MPql5idO1
@Anavem_
24 May 2026
466 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
BREAKING: CVE-2026-26980 actively exploited - unauthenticated SQL injection in Ghost CMS 3.24.0-6.19.0 allows arbitrary DB reads, patch now to 6.19.1. https://t.co/ezsFm4jB2v
@threatcluster
24 May 2026
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
            "matchCriteriaId": "1DD2D680-6968-4F14-A055-9F81B8043085",
            "versionEndExcluding": "6.19.1",
            "versionStartIncluding": "3.24.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]