BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News🩹 Patch
🩹 PatchThe Hacker News·9d ago

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost's Content API that could allow an unauthenticated attacker to read arbitrary data from the

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by The Hacker News

Source: https://thehackernews.com/2026/05/ghost-cms-cve-2026-26980-exploited-to.html

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin