TECHNOLOGY

China-based researchers uncover global Ghost CMS hack

▪

Read, Watch or Listen

China-based researchers uncover global Ghost CMS hack

Media Bias Meter

Sources: 2

Center 100%

Sources: 2

More than 700 websites running the Ghost content management system have been compromised through a recently disclosed vulnerability, CVE-2026-26980, according to research by Chinese cybersecurity firm Qianxin XLab reported Monday by SecurityWeek. The flaw affects Ghost versions 3.24.0 through 6.19.0 and allows unauthenticated attackers to read arbitrary database content. Using this access, attackers reportedly obtained Ghost Admin API keys and bulk-edited articles to inject malicious JavaScript loaders enabling ClickFix social engineering attacks. Impacted sites are said to include properties linked to DuckDuckGo, Harvard University and Oxford University. The issue is patched in Ghost version 6.19.1, according to the National Vulnerability Database.

Prepared by Jonathan Pierce and reviewed by editorial team.

Timeline of Events

May 7 Qianxin XLab detects page poisoning
May 7 Investigation links multiple Ghost sites
After May 7 Attackers harvest Ghost Admin keys
After May 7 Malicious JavaScript loaders injected
Recent weeks Over 700 Ghost sites compromised
Recently NVD rates vulnerability high severity
Recently Ghost fixes flaw in version 6.19.1
Monday SecurityWeek publishes Qianxin research findings

Why This Matters to You

Your favorite websites could be at risk. Over 700 sites, including DuckDuckGo and university pages, were compromised. Hackers used a flaw in Ghost CMS to read database content and inject malicious code. If you use these sites, your data could be exposed.

The Bottom Line

Always keep your software updated. Ghost has patched the flaw in version 6.19.1. If you run a website on Ghost, upgrade now. And remember, even trusted sites can be hacked. Be cautious where you share personal information. Worth forwarding if you know someone with a Ghost site.