Ghost CMS
CVSS 9.4
CRITICAL
“A weakness in your publishing platform can turn your content engine into an attack surface.”
TryGhost has released a critical security patch for CVE-2026-26980 affecting the Ghost CMS platform. This vulnerability impacts core application behavior and could allow attackers to compromise content management operations, potentially leading to unauthorized access, data exposure, or site manipulation. The CVSS score is 9.4, which is Critical severity.
There is no verified evidence of real-world exploitation or publicly available proof-of-concept code. Despite this, the severity of the issue makes it a high-risk concern for organizations running Ghost in production environments.
Key Details
- Affected Product
- Ghost Ghost
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-89
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.