Summary
A critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) is being exploited to steal administrative keys and inject malicious 'ClickFix' scripts into over 700 websites. The campaign targets high-profile domains to deliver malware by tricking visitors into running malicious commands in their system terminal.
Take Action:
If you run a Ghost CMS site, this is urgent. Check your version and update to version 6.19.1 or later. Then rotate all API keys and staff passwords since any credentials from before the patch may already be compromised. Also review your published articles for unauthorized scripts and check API logs for signs of suspicious activity.
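One way to carry out the version check and the review of published articles for unauthorized scripts, as an added example that is not from the original article or the Ghost project. It assumes posts are available as dictionaries with the `html`, `codeinjection_head` and `codeinjection_foot` fields (for example, loaded from a JSON export); the function names, allowlist and sample posts are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

PATCHED = (6, 19, 1)  # fixed release named in the advisory
# Assumption: post field names as they appear in a Ghost JSON export.
FIELDS = ("html", "codeinjection_head", "codeinjection_foot")

def is_patched(version):
    """True if a plain 'major.minor.patch' string is >= 6.19.1."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts + (0,) * (3 - len(parts)) >= PATCHED

class ScriptFinder(HTMLParser):
    """Records every <script>: external by src, inline by its body."""
    def __init__(self):
        super().__init__()
        self.found, self._in_script = [], False
    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        if self._in_script:
            src = dict(attrs).get("src")
            self.found.append(["external", src] if src else ["inline", ""])
    def handle_data(self, data):
        if self._in_script and self.found[-1][0] == "inline":
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self._in_script = False

def audit_posts(posts, allowed_hosts):
    """Flag inline scripts and any script whose src host is off the allowlist."""
    findings = []
    for post in posts:
        for field in FIELDS:
            finder = ScriptFinder()
            finder.feed(post.get(field) or "")
            finder.close()
            for kind, detail in finder.found:
                host = urlparse(detail).hostname if kind == "external" else None
                if host not in allowed_hosts:
                    findings.append((post["slug"], field, kind, detail.strip()[:80]))
    return findings

# Constructed sample posts (not real data).
SAMPLE_POSTS = [
    {"slug": "welcome", "html": '<p>Hi</p><script src="https://cdn.example.com/embed.js"></script>'},
    {"slug": "pricing", "html": "<p>Plans</p>",
     "codeinjection_foot": '<script src="https://unknown.example.net/a.js"></script>'},
    {"slug": "news", "html": '<p>x</p><script>console.log("constructed")</script>'},
]
```

Every finding is a candidate for manual review, not a verdict: a script you embedded deliberately should be added to the allowlist, and relative `src` paths are flagged because they carry no host to compare.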
This article was originally published on BeyondMachines












