CVE-2026-29053

Published: Mar 05, 2026 Last Modified: Mar 09, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,6
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: high
User Interaction: required
Scope: changed
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0005
Percentile
0,1th
Updated

EPSS Score Trend (Last 11 Days)

74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Access Control Other Integrity Non-Repudiation
Potential Impacts:
Read Application Data Bypass Protection Mechanism Alter Execution Logic Other Hide Activities
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
Application

Ghost by Ghost

Product Information
Vendor Ghost
Product Ghost
Version Range Affected
From 0.7.2 (inclusive)
To 6.19.1 (exclusive)
cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/TryGhost/Ghost/security/advisories/GHSA-…
https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x