CVE-2026-22597

Low CVSS: 2.0

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0.

Vendor

Ghost

Product

Ghost

CWE

CWE-918

Yayın Tarihi

2026-01-10 03:15:50

Güncelleme

2026-01-15 18:36:01

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Ghost LOW Ghost 2026

Referanslar

https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9 https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51 https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r

Benzer Kayıtlar

High

CVE-2026-29784

Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /sessio…

High

CVE-2026-29053

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can ex…

Critical

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform…

High

CVE-2026-24778

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an…

High

CVE-2026-22594

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabil…

High

CVE-2026-22595

Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabil…