Ghost CMS Content API SQL injection flaw (CVE-2026-26980)
Vulnerability
Summary
Threat actors are actively exploiting CVE-2026-26980, a SQL injection flaw in the Ghost CMS Content API that can expose database data and enable unauthorized access to admin API keys. The flaw was patched in version 6.19.1 in February 2026. Attackers have used the access to poison sites with malicious JavaScript for ClickFix lures, and the campaign has reached more than 700 websites.
Related Happenings
Ghost CMS CVE-2026-26980 ClickFix campaign
Campaign
First: 24.05.2026 17:12
Last: 24.05.2026 17:12
Sources 1
About this happening:
A **large-scale campaign** is exploiting **CVE-2026-26980** in **Ghost CMS** to plant malicious JavaScript and drive **ClickFix** lure pages, putting exposed sites and their visit...
Claude Desktop official extensions unsanitized AppleScript command injection three RCEs command injection flaw
Vulnerability
First: 29.12.2025 17:00
Last: 29.12.2025 17:00
Sources 1
About this happening:
Three **RCE vulnerabilities** were disclosed in **Claude Desktop**'s official **Chrome**, **iMessage**, and **Apple Notes** connectors, exposing users to **arbitrary code executio...
CISA KEV addition for Smartbedded Meteobridge CVE-2025-4008
Public Sector Action
First: 03.10.2025 11:23
Last: 03.10.2025 11:23
Sources 1
About this happening:
CISA added **CVE-2025-4008** in **Smartbedded Meteobridge** to the **KEV catalog**, signaling **active exploitation** and requiring **FCEB agencies** to apply updates by **October...
Timeline
- 25.05.2026 15:02 · 2 articles
Ghost CMS Content API SQL injection flaw (CVE-2026-26980)
Initial Disclosure: The vulnerability (**CVE-2026-26980**) was **disclosed and patched in February 2026** with **version 6.19.1**, but it later became a live attack path. The initial abuse centered on obtaining **admin API keys** and using them to modify Ghost content.
Sources:
- Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks — thehackernews.com — 25.05.2026 15:02
- Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks — thehackernews.com — 25.05.2026 15:02