Technology|May 26, 2026|1 min read

Ghost CMS CVE-2026-26980 Exploited to Deploy Malware

A critical vulnerability in Ghost CMS (CVE-2026-26980) is being actively exploited by attackers to deploy malware on compromised systems.

#ghost-cms#cve-2026-26980#malware#vulnerability#cybersecurity#exploit#cms-security

The Hacker News

Contributor

Share this story

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting CVE-2026-26980, a critical SQL injection vulnerability in Ghost CMS, to compromise over 700 websites and inject malicious JavaScript code that fuels ClickFix attacks targeting users across universities, AI, blockchain, and financial sectors.