PT-2026-2217 · Ghost · Ghost
Odgrso
Published 2026-01-08 · Updated 2026-01-15
CVE-2026-22595
| CVSS v3.1 | 8.1 (High) |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ghost versions 5.121.0 through 5.130.5
Ghost versions 6.0.0 through 6.10.3
Description
Ghost is a Node.js content management system. A flaw in how Ghost handled Staff Token authentication permitted access to endpoints intended only for Staff Session authentication. Requests authenticated with a Staff Token issued to an Admin- or Owner-role user could therefore reach these session-only endpoints.
Recommendations
Ghost versions 5.121.0 through 5.130.5 should be updated to version 5.130.6 or later.
Ghost versions 6.0.0 through 6.10.3 should be updated to version 6.11.0 or later.
Weakness Enumeration
Incorrect Authorization
Affected Products
Ghost