VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

CVE-2026-26980 in Ghost CMS: Mass compromise of 700+ sites

CVE-2026-26980 в Ghost CMS: массовая компрометация 700+ сайтов

Colleagues, an important cybersecurity alert: threat actors are exploiting CVE-2026-26980 in Ghost CMS to mass‑inject JavaScript and conduct ClickFix attacks.

What happened:
- QiAnXin XLab found an SQL injection (CVSS 9.4) in the Content API that exposed Admin API keys and allowed mass editing of posts.
- More than 700 sites (universities, blockchain, AI, SaaS, media, fintech) were infected with cloaked loaders; victims see a fake CAPTCHA and are tricked into running a command that downloads a DLL/installer.

Mitigation:
- Upgrade Ghost to 6.19.1+, rotate keys, clean sites, review logs, and notify visitors.

Why it matters: compromising legitimate sites amplifies phishing and malware distribution.

How do you protect your CMS against such attack chains?

#cybersecurity #GhostCMS #vulnerabilities #infosec

Latest comments

No comments yet.