CVE-2026-26980
Published
CVSS v3
9.4
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT
Description
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
Independent technology for modern publishing, memberships, subscriptions and newsletters.
GitHub