CVE-2026-26980 in Ghost CMS: Mass compromise of 700+ sites

Colleagues, an important cybersecurity alert: threat actors are exploiting CVE-2026-26980 in Ghost CMS to mass-inject JavaScript and conduct ClickFix attacks.
What happened:
- QiAnXin XLab found an SQL injection (CVSS 9.4) in the Content API that exposed Admin API keys and allowed mass editing of posts.
- More than 700 sites (universities, blockchain, AI, SaaS, media, fintech) were infected with cloaked loaders; victims see a fake CAPTCHA and are tricked into running a command that downloads a DLL/installer.
Mitigation:
- Upgrade Ghost to 6.19.1+, rotate keys, clean sites, review logs, and notify visitors.
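A small triage helper for the "upgrade" and "clean sites" steps above, added here as an example; it is not code from the post or from the Ghost project. It assumes the injected loader landed in post HTML exported from the Content API as JSON (`{"posts": [...]}` with `id`, `slug`, `html`), and the allowlisted host and sample posts are constructed.

```python
import json
import re
from urllib.parse import urlparse

FIXED_VERSION = (6, 19, 1)  # fixed release named in the alert: 6.19.1+
# Hypothetical allowlist of script hosts this site legitimately loads.
ALLOWED_SCRIPT_HOSTS = {"cdn.example-site.test"}
SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)


def version_is_vulnerable(version: str) -> bool:
    """True if an installed Ghost version is older than the fixed release."""
    nums = tuple(int(p) for p in version.split("-")[0].split("."))
    return nums < FIXED_VERSION


def scripts_in_html(html: str) -> tuple[list[str], list[str]]:
    """Return (external script hosts, inline script bodies) found in HTML.
    Regex scanning is good enough for triage; it is not a full HTML parser."""
    hosts, inline = [], []
    for attrs, body in SCRIPT_RE.findall(html):
        m = SRC_RE.search(attrs)
        if m:
            hosts.append(urlparse(m.group(1)).hostname or m.group(1))
        elif body.strip():
            inline.append(body.strip())
    return hosts, inline


def find_suspicious_posts(export_json: str) -> list[dict]:
    """Flag posts whose HTML loads an unknown script host or inline script."""
    findings = []
    for post in json.loads(export_json)["posts"]:
        hosts, inline = scripts_in_html(post.get("html") or "")
        bad_hosts = [h for h in hosts if h not in ALLOWED_SCRIPT_HOSTS]
        if bad_hosts or inline:
            findings.append({"id": post["id"], "slug": post.get("slug"),
                             "hosts": bad_hosts, "inline": inline})
    return findings


# Constructed sample export (not real data): one clean post, one injected.
SAMPLE_EXPORT = json.dumps({"posts": [
    {"id": "p1", "slug": "hello", "html": "<p>Welcome</p>"
     '<script src="https://cdn.example-site.test/app.js"></script>'},
    {"id": "p2", "slug": "news", "html": "<p>Update</p>"
     '<script src="https://loader.invalid/l.js"></script>'
     "<script>document.title=atob('Zm9v')</script>"}]})
```

Run `find_suspicious_posts` over a real export and review every flagged post by hand; a flagged post is a lead for the log review, not proof of compromise on its own.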
Why it matters: compromising legitimate sites amplifies phishing and malware distribution.
How do you protect your CMS against such attack chains?
#cybersecurity #GhostCMS #vulnerabilities #infosec
