4 matches found
CVE-2026-22597
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...
CVE-2026-22595
Ghost (Node.js CMS) versions 5.121.0–5.130.5 and 6.0.0–6.10.3 are affected by a Staff Token authentication vulnerability that allows access to endpoints intended for Staff Session authentication. External systems authenticated with Staff Tokens for Admin/Owner-role users could reach these endpoin...
Ghost 安全漏洞
Ghost is a hosting service from Ghost Open Source. A security vulnerability in Ghost versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3 stems from a flaw in the way Ghost handles staff token authentication, which could lead to improper access to certain endpoints that are restricted to...
PT-2026-2217
Name of the Vulnerable Software and Affected Versions Ghost versions 5.121.0 through 5.130.5 Ghost versions 6.0.0 through 6.10.3 Description Ghost is a Node.js content management system. A flaw in how Ghost manages Staff Token authentication permitted access to endpoints intended only for Staff...