URL has been copied successfully!
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks


Tags: , , , , , , , , , ,

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks.According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost’s Content API that could allow an unauthenticated attacker to read arbitrary data from the

First seen on thehackernews.com

Jump to article: thehackernews.com/2026/05/ghost-cms-cve-2026-26980-exploited-to.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Gen AI is transforming the cyber threat landscape by democratizing vulnerability hunting
  2. Treasury Department Breach: A Crucial Reminder for API Security in the Public Sector
  3. CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild
  4. Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks