CVE-2026-29053

High CVSS: 7.6

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.

Vendor

Ghost

Product

Ghost

CWE

CWE-74

Yayın Tarihi

2026-03-05 06:16:50

Güncelleme

2026-03-09 18:40:22

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-74 Ghost HIGH Ghost 2026

Referanslar

https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x

Benzer Kayıtlar

High

CVE-2026-29784

Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /sessio…

Critical

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform…

High

CVE-2026-24778

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an…

High

CVE-2026-22594

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabil…

High

CVE-2026-22595

Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabil…

Medium

CVE-2026-22596

Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabili…