Ghost has incomplete CSRF protections around OTC use

Impact Incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site. Vulnerable versions This vulnerability is present in Ghost from...

sign-alex (=1.0.1) potentially affected by CVE-2026-29053 via ghost (=1.26.2)

ghost NPM version =1.26.2 is affected by a known vulnerability. The following packages have a transitive dependency on ghost and may be impacted: - sign-alex =1.0.1 Source cves: CVE-2026-29053 Source advisory: OSV:GHSA-CGC2-RCRH-QR5X...

GHSA-CGC2-RCRH-QR5X Ghost Vulnerable to Remote Code Execution via Malicious Themes

Impact Specifically crafted malicious themes can execute arbitrary code on the server running Ghost. Vulnerable Versions This vulnerability is present in Ghost v0.7.2 to v6.19.0. Patches v6.19.1 contains a fix for this issue. Workarounds Ghost generally recommends users refrain from installing...

Ghost Vulnerable to Remote Code Execution via Malicious Themes

Impact Specifically crafted malicious themes can execute arbitrary code on the server running Ghost. Vulnerable Versions This vulnerability is present in Ghost v0.7.2 to v6.19.0. Patches v6.19.1 contains a fix for this issue. Workarounds Ghost generally recommends users refrain from installing...

BIT-GHOST-2025-9862 Ghost 6.0.6 - SSRF via oEmbed Bookmark

Server-Side Request Forgery SSRF vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3...

Ghost vulnerable to XSS via malicious Portal preview links

Impact An attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Vulnerable versions This vulnerability is present in Ghost versions: - v5.43.0 to...

CVE-2026-24778 Ghost vulnerable to XSS via malicious Portal preview links

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially...

CVE-2026-24778

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially...

CVE-2026-24778 Ghost vulnerable to XSS via malicious Portal preview links

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially...

EUVD-2026-1427

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

CVE-2026-22595

Ghost (Node.js CMS) versions 5.121.0–5.130.5 and 6.0.0–6.10.3 are affected by a Staff Token authentication vulnerability that allows access to endpoints intended for Staff Session authentication. External systems authenticated with Staff Tokens for Admin/Owner-role users could reach these endpoin...

Ghost SQL注入漏洞

Ghost is a hosting service of Ghost open source. An SQL injection vulnerability exists in Ghost versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, which stems from a flaw in the /ghost/api/admin/members/events endpoint that could lead to the execution of arbitrary SQL by a user who has...

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...

GHSA-VMC4-9828-R48R Ghost has SSRF via External Media Inliner

Impact A vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. Vulnerable versions This vulnerability is present in Ghost v5.38.0 to v5.130.5 to and Ghost v6.0.0 ...

Ghost has SSRF via External Media Inliner

Impact A vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. Vulnerable versions This vulnerability is present in Ghost v5.38.0 to v5.130.5 to and Ghost v6.0.0 ...

GHSA-9XG7-MWMP-XMJX Ghost has Staff Token permission bypass

Impact A vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had...

Ghost has Staff Token permission bypass

Impact A vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had...

GHSA-5FP7-G646-CCF4 Ghost has Staff 2FA bypass

Impact A vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. Vulnerable versions This vulnerability is present in Ghost v5.105.0 to v5.130.5 to and Ghost v6.0.0 to v6.10.3. Patches v5.130.6 and v6.11.0 contain a fix for this issue. References Ghost thanks Sho Odagiri of G...

Server Side Request Forgery (SSRF)

Ghost is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of user-supplied URLs, which allows an attacker to send crafted requests to internal resources and potentially access sensitive information...

EUVD-2025-23911

Malicious code in bioql PyPI...