Ghost CMS flaw exploited in campaign hijacking 700 websites
A Ghost CMS flaw let attackers hijack 700-plus sites and turn trusted pages into malware lures. The campaign used injected JavaScript and fake CAPTCHA prompts to steal credentials.

A serious flaw in Ghost CMS was turned into a large-scale website poisoning campaign, with attackers using compromised pages to push malicious JavaScript and fake CAPTCHA flows across more than 700 domains. The abuse matters because Ghost is widely used for publishing and membership sites, where visitors are primed to trust the page, stay logged in, and click through without hesitation.
The vulnerability, tracked as CVE-2026-26980, was a SQL injection in Ghost’s Content API. GitHub’s advisory database said affected versions ranged from Ghost v3.24.0 through v6.19.0, and it warned that the bug could expose site API keys. GitHub advised operators to review staff users and rotate keys. GitLab dated its advisory to February 18, 2026, and said the flaw allowed unauthenticated attackers to read arbitrary data from the database. Snyk described the issue as a SQL injection in the Content API’s slug filter ordering logic.

Ghost Forum maintainers said on February 17, 2026 that the problem had been patched in Ghost v6.19.1 and rolled out on Ghost(Pro), while self-hosted sites needed to update as soon as possible. That advice now reads as urgent, because the exploit was not just theoretical. The reporting says the vulnerability was discovered by Anthropic using Claude, then later weaponized in a campaign that QiAnXin XLab tied to attackers who first obtained a target site’s Admin API key without authorization and then used the Ghost Admin API to tamper with articles in bulk.
Once inside, the attackers inserted malicious JavaScript loaders at the bottom of pages to help launch ClickFix-style attacks. That technique turns the victim’s own website into part of the attack chain, making prompts and redirects look legitimate because they are being served from a familiar domain. Reported affected sites included Harvard University, Oxford University, Auburn University and DuckDuckGo, showing how broadly the compromise reached across recognized institutions and high-traffic properties.
For site operators, the immediate priority is to patch Ghost to v6.19.1, review staff accounts, and rotate any keys that may have been exposed. For ordinary users, the warning signs are subtler: unexpected CAPTCHA prompts, strange redirects, or a familiar site suddenly asking for unusual verification. In this campaign, the danger was not a broken login page. It was a trusted page quietly becoming the delivery system.
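One way an operator can check for the kind of tampering described above (loaders appended to the bottom of served pages) is to compare every `<script>` on a fetched page against the script origins the site is known to use. The following is an added illustration, not code from the article, from Ghost, or from any of the researchers it cites; the hostnames `blog.example.com`, `cdn.example.com` and `attacker-placeholder.invalid`, the sample HTML, and the function names are all constructed for this example.

```python
"""Flag <script> elements on a rendered page whose origin is not on an allowlist.

Added example for the Ghost compromise described in the article: attackers
appended JavaScript loaders to the bottom of pages, so an owner who knows
which script origins the theme legitimately loads can diff a served page
against that set. Standard library only; the page and hostnames are constructed.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect every <script> element: its src attribute (if any) and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []        # list of {"src": str | None, "body": str}
        self._in_script = False
        self._src = None
        self._body = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self._in_script = True
            self._body = []
            self._src = dict(attrs).get("src")

    def handle_data(self, data):
        # HTMLParser hands script contents to handle_data as raw text.
        if self._in_script:
            self._body.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.scripts.append({"src": self._src, "body": "".join(self._body).strip()})
            self._in_script = False


def find_unexpected_scripts(html, allowed_hosts, site_host, allow_inline=False):
    """Return (kind, value) findings for scripts not explained by the allowlist.

    External scripts are reported by hostname; relative src values are treated
    as first-party (site_host). Inline scripts are reported with a short SHA-256
    of their body so the finding can be compared against a known-good baseline
    without copying the payload itself around.
    """
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for s in parser.scripts:
        if s["src"]:
            host = urlparse(s["src"]).hostname or site_host
            if host not in allowed_hosts:
                findings.append(("external", host))
        elif s["body"] and not allow_inline:
            digest = hashlib.sha256(s["body"].encode("utf-8")).hexdigest()[:12]
            findings.append(("inline", digest))
    return findings


# Constructed sample: a theme script and a CDN script the owner expects,
# plus a loader and an inline snippet appended just before </body>.
# "attacker-placeholder.invalid" is a placeholder, not a real indicator.
SAMPLE_PAGE = """<html><head>
<script src="/assets/built/theme.js"></script>
<script src="https://cdn.example.com/lib.min.js"></script>
</head><body>
<article><h1>Post title</h1><p>Body text.</p></article>
<footer>
<script src="https://attacker-placeholder.invalid/loader.js"></script>
<script>window.__loader_flag = 1;</script>
</footer></body></html>"""

ALLOWED = {"blog.example.com", "cdn.example.com"}


if __name__ == "__main__":
    for kind, value in find_unexpected_scripts(SAMPLE_PAGE, ALLOWED, "blog.example.com"):
        print(f"unexpected {kind} script: {value}")
```

In practice the allowlist comes from the theme's own templates and the page HTML from a fetch of each public URL; any `external` finding is a new script origin to explain, and an `inline` digest that does not match the baseline is worth the same scrutiny as a changed file on disk.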