
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

📅 24 May 2026 at 14:12 UTC | 📰 Bleeping Computer

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]

🤖 AI Briefing: auto-generated threat analysis

🔍 Threat Overview

A large-scale campaign is exploiting a critical SQL injection vulnerability in Ghost CMS, resulting in the injection of malicious JavaScript code that triggers ClickFix attack flows on over 700 compromised domains.

⚙️ Technical Details

💥 Impact Assessment

Severity: critical

🛡️ Recommended Actions

1. Upgrade to version 6.19.1 or later and rotate all keys used previously.
2. Conduct a thorough review of the websites for injected scripts and remove them.
3. Maintain a 30-day record of admin API call logs for retrospective investigation.

📦 Affected Products

Ghost Ghost, Ghost CMS

🔐 NVD Verified Data (VERIFIED)

CVE-2026-26980, CVSS 7.5 HIGH

Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weaknesses: CWE-89
Affected Products (CPE): Ghost Ghost


This is a curated summary. The complete article is available at Bleeping Computer.
