CVE Catalog
CVE-2026-26980
CriticalSummary
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database.
Risk Assessment
The organization may be exposed to data leaks, which can lead to serious legal and reputational consequences.
Recommendation
It is recommended to upgrade to version 6.19.1 or later to mitigate this vulnerability.
Original NVD description (English source)
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

