Ghost CMS Product Security Update Advisory (CVE-2026-26980)

Overview

A security update has been released to address a SQL Injection vulnerability (CVE-2026-26980) in the Ghost CMS product. users of the affected products should update to the latest version.

Affected Products

• Ghost CMS versions 3.24.0 through 6.19.1 and earlier.
• CVE-2026-26980 is resolved in Ghost CMS version 6.19.1 and later.

Vulnerability Description

• This is a SQL Injection vulnerability (CVE-2026-26980) in Ghost CMS.
• vulnerability Patch has been provided in the latest update.

What to do

• you should follow the instructions on the reference site to update to the latest version of the Vulnerability Patch.