CVE-2026-22594

High CVSS: 8.1

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.

Vendor

Ghost

Product

Ghost

CWE

CWE-287

Yayın Tarihi

2026-01-10 03:15:50

Güncelleme

2026-01-15 18:12:10

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-287 Ghost HIGH Ghost 2026

Referanslar

https://github.com/TryGhost/Ghost/commit/b59f707f670e6f175b669977724ccf16c718430b https://github.com/TryGhost/Ghost/commit/fc7bc2fb0888513498154ec5cb4b21eccb88de07 https://github.com/TryGhost/Ghost/security/advisories/GHSA-5fp7-g646-ccf4

Benzer Kayıtlar

High

CVE-2026-29784

Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /sessio…

High

CVE-2026-29053

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can ex…

Critical

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform…

High

CVE-2026-24778

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an…

High

CVE-2026-22595

Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabil…

Medium

CVE-2026-22596

Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabili…