CVE-2026-26980

Critical CVSS: 9.4

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

Vendor

Ghost

Product

Ghost

CWE

CWE-89

Yayın Tarihi

2026-02-20 02:16:54

Güncelleme

2026-02-20 19:22:53

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-89 Ghost CRITICAL Ghost 2026

Referanslar

https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91 https://github.com/TryGhost/Ghost/releases/tag/v6.19.1 https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97

Benzer Kayıtlar

High

CVE-2026-29784

Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /sessio…

High

CVE-2026-29053

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can ex…

High

CVE-2026-24778

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an…

High

CVE-2026-22594

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabil…

High

CVE-2026-22595

Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabil…

Medium

CVE-2026-22596

Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabili…