13 matches found
CVE-2026-22595
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. Externa...
BIT-GHOST-2026-22595 Ghost has Staff Token permission bypass
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. Externa...
CVE-2026-22597
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...
CVE-2026-22595
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. Externa...
CVE-2026-22595 Ghost has Staff Token permission bypass
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. Externa...
CVE-2026-22595 Ghost has Staff Token permission bypass
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. Externa...
CVE-2026-22595 Ghost has Staff Token permission bypass
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. Externa...
EUVD-2026-1428
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. Externa...
CVE-2026-22595
Ghost (Node.js CMS) versions 5.121.0–5.130.5 and 6.0.0–6.10.3 are affected by a Staff Token authentication vulnerability that allows access to endpoints intended for Staff Session authentication. External systems authenticated with Staff Tokens for Admin/Owner-role users could reach these endpoin...
PT-2026-2217
Name of the Vulnerable Software and Affected Versions: Ghost versions 5.121.0 through 5.130.5; Ghost versions 6.0.0 through 6.10.3. Description: Ghost is a Node.js content management system. A flaw in how Ghost manages Staff Token authentication permitted access to endpoints intended only for Staff...
Ghost security vulnerability
Ghost is a hosting service from Ghost Open Source. A security vulnerability in Ghost versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3 stems from a flaw in the way Ghost handles staff token authentication, which could lead to improper access to certain endpoints that are restricted to...
GHSA-9XG7-MWMP-XMJX Ghost has Staff Token permission bypass
Impact: A vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had...
Ghost has Staff Token permission bypass
Impact: A vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had...