CVE-2026-22595
HIGH
GHSA-9xg7-mwmp-xmjx
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
3Description
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0.
Analysis
Ghost CMS versions 5.121.0-5.130.5 and 6.0.0-6.10.3 incorrectly allow Staff Token authentication to access endpoints restricted to Staff Session authentication, enabling authenticated Admin/Owner-role users to perform unauthorized actions. An attacker with valid Staff Token credentials for elevated roles could bypass authentication restrictions and access sensitive endpoints not intended for token-based access. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 7 days: Identify all affected systems running versions 5.121.0 and apply vendor patches promptly. Vendor patch is available.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today