Michael Barrett

8 exploits Active since Jan 2026
CVE-2026-22594 (HIGH)
Ghost 5.105.0-5.130.5 and 6.0.0-6.10.3 - Authenticated 2FA Bypass via Email Verification Skip
Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.
CVSS 8.1
CVE-2026-22595 (HIGH)
Ghost 5.121.0-5.130.5 and 6.0.0-6.10.3 - Incorrect Authorization via Staff Token Authentication
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0.
CVSS 8.1
CVE-2026-22596 (MEDIUM)
Ghost 5.90.0-5.130.5 and 6.0.0-6.10.3 - Authenticated SQL Injection via Admin API Members Events Endpoint
Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in versions 5.130.6 and 6.11.0.
CVSS 6.7
CVE-2026-22597 (LOW)
Ghost 5.38.0-5.130.5 and 6.0.0-6.10.3 - Authenticated Server-Side Request Forgery via Media Inliner
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0.
CVSS 2.7