PT-2026-5028 · Ghost · Ghost+1

Younes Belalia · Published 2026-01-27 · Updated 2026-02-03 · CVE-2026-24778

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ghost versions 5.43.0 through 5.12.04
Ghost versions 6.0.0 through 6.14.0
Ghost Portal versions 2.29.1 through 2.51.4
Ghost Portal versions 2.52.0 through 2.57.0

Description

Ghost is a content management system. An attacker can create a malicious link that, when accessed by an authenticated staff user or member, executes JavaScript with the victim's permissions, potentially leading to account takeover.

Recommendations

For Ghost 5.x installations, upgrade to version 5.121.0 or later.
For Ghost 6.x installations, upgrade to version 6.15.0 or later.
For Ghost installations using a customized or self-hosted version of Portal, manually rebuild from or update to the latest patch version.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

BIT-GHOST-2026-24778
CVE-2026-24778
GHSA-GV6Q-2M97-882H

Affected products

Ghost
Ghost Portal