A critical security flaw in Ghost CMS has been exploited by threat actors to hijack over 700 websites for malicious purposes. The vulnerability, identified as CVE-2026-26980, is an SQL injection issue in the Content API that allows unauthenticated attackers to read arbitrary data from the database. This exploitation has led to ClickFix attacks, which involve injecting malicious JavaScript code to compromise the affected sites. The severity of the issue is underscored by its CVSS score of 9.4, indicating a high risk of exploitation. The Ghost CMS community and users are advised to take immediate action to secure their sites, as the threat actors are actively exploiting this vulnerability.

AI summaries can be wrong sometimes—always verify important details using the source article.