CVE Catalog

CVE-2026-26980

Critical
Published: Translated: NVD NIST

Summary

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database.

Risk Assessment

The organization may be exposed to data leaks, which can lead to serious legal and reputational consequences.

Recommendation

It is recommended to upgrade to version 6.19.1 or later to mitigate this vulnerability.

Original NVD description (English source)

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS