ГлавнаяУязвимости → CVE-2026-26980
9.4критическая

CVE-2026-26980

Описание

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

Затрагиваемое ПО
Ghost Ghost
CVSS
Балл9.4 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Источники
https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91https://github.com/TryGhost/Ghost/releases/tag/v6.19.1https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980/