


Perceptive Security
SOC/SIEM Consultancy

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staf…
Published:
9 January 2026 at 23:00:00
Alert date:
10 January 2026 at 13:10:58
Source:
nvd.nist.gov
CVE-2026-22594 affects the Ghost Node.js content management system in versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3. The vulnerability allows staff users to bypass the email 2FA mechanism. This is a significant authentication bypass that could allow unauthorized access to administrative functions. The issue has been patched in versions 5.130.6 and 6.11.0. Organizations running affected versions should upgrade immediately to prevent potential unauthorized access.
Technical details
Mitigation steps:
Affected products:
Ghost CMS
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-22594
https://github.com/TryGhost/Ghost/commit/b59f707f670e6f175b669977724ccf16c718430b
https://github.com/TryGhost/Ghost/commit/fc7bc2fb0888513498154ec5cb4b21eccb88de07
https://github.com/TryGhost/Ghost/security/advisories/GHSA-5fp7-g646-ccf4
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
