FKIE_CVE-2026-22595

Vulnerability from fkie_nvd - Published: 2026-01-10 03:15 - Updated: 2026-01-15 18:34
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0.
References
security-advisories@github.comhttps://github.com/TryGhost/Ghost/commit/9513d2a35c21067127ce8192443d8919ddcefcc8Patch
security-advisories@github.comhttps://github.com/TryGhost/Ghost/commit/c3017f81a5387b253a7b8c1ba1959d430ee536a3Patch
security-advisories@github.comhttps://github.com/TryGhost/Ghost/security/advisories/GHSA-9xg7-mwmp-xmjxPatch, Vendor Advisory
Impacted products
Vendor Product Version
ghost ghost *
ghost ghost *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "ECA8ED19-2E79-4689-ACDD-C5A3F60BC162",
              "versionEndExcluding": "5.130.6",
              "versionStartIncluding": "5.121.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "9EC484AC-A1F0-4C13-BFAB-9DA57116957D",
              "versionEndExcluding": "6.11.0",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost\u0027s handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0."
    },
    {
      "lang": "es",
      "value": "Ghost es un sistema de gesti\u00f3n de contenido Node.js. En las versiones 5.121.0 a 5.130.5 y 6.0.0 a 6.10.3, una vulnerabilidad en el manejo de Ghost de la autenticaci\u00f3n de token de personal permiti\u00f3 que ciertos puntos finales fueran accedidos que solo estaban destinados a ser accesibles a trav\u00e9s de la autenticaci\u00f3n de sesi\u00f3n de personal. Sistemas externos que han sido autenticados a trav\u00e9s de tokens de personal para usuarios con rol de Administrador/Propietario habr\u00edan tenido acceso a estos puntos finales. Este problema ha sido parcheado en las versiones 5.130.6 y 6.11.0."
    }
  ],
  "id": "CVE-2026-22595",
  "lastModified": "2026-01-15T18:34:49.013",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-10T03:15:50.553",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/TryGhost/Ghost/commit/9513d2a35c21067127ce8192443d8919ddcefcc8"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/TryGhost/Ghost/commit/c3017f81a5387b253a7b8c1ba1959d430ee536a3"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9xg7-mwmp-xmjx"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.