CVE-2026-29784

High CVSS: 7.5

Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site. This issue has been patched in version 6.19.3.

Vendor

Ghost

Product

Ghost

CWE

CWE-352

Yayın Tarihi

2026-03-07 16:15:55

Güncelleme

2026-03-09 20:06:23

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-352 Ghost HIGH Ghost 2026

Referanslar

https://github.com/TryGhost/Ghost/commit/ec065a774fa125953d2aa644a59cd8990329e0a0 https://github.com/TryGhost/Ghost/security/advisories/GHSA-9m84-wc28-w895

Benzer Kayıtlar

High

CVE-2026-29053

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can ex…

Critical

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform…

High

CVE-2026-24778

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an…

High

CVE-2026-22594

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabil…

High

CVE-2026-22595

Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabil…

Medium

CVE-2026-22596

Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabili…