Technology|May 25, 2026|3 min read

Ghost CMS CVE-2026-26980 Exploited in the Wild

A critical vulnerability in Ghost CMS (CVE-2026-26980) is being actively exploited in the wild, putting thousands of websites at risk. Security researchers urge immediate patching to prevent unauthorized access and data breaches.

#ghost-cms#cve-2026-26980#security-vulnerability#exploit#cybersecurity#web-security#patch#zero-day

The Hacker News

Contributor

Share this story

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a critical SQL injection vulnerability in Ghost CMS to hijack 700+ websites and inject malicious JavaScript code for ClickFix attacks. The flaw allows unauthenticated attackers to extract admin API keys and modify published content.