CVE-2026-22596

Medium CVSS: 6.7

Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in versions 5.130.6 and 6.11.0.

Vendor

Ghost

Product

Ghost

CWE

CWE-89

Yayın Tarihi

2026-01-10 03:15:50

Güncelleme

2026-01-15 18:35:34

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-89 Ghost MEDIUM Ghost 2026

Referanslar

https://github.com/TryGhost/Ghost/commit/cda236e455a7a30e828b6cba3c430e5796ded955 https://github.com/TryGhost/Ghost/commit/f2165f968bcdaae0e35590b38fa280ab03239391 https://github.com/TryGhost/Ghost/security/advisories/GHSA-gjrp-xgmh-x9qq

Benzer Kayıtlar

High

CVE-2026-29784

Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /sessio…

High

CVE-2026-29053

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can ex…

Critical

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform…

High

CVE-2026-24778

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an…

High

CVE-2026-22594

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabil…

High

CVE-2026-22595

Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabil…