CVE-2026-29053

HIGH

Ghost 0.7.2-6.19.0 - Code Injection


Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-29053. PoCs published by AC8999, rootxran.

AI-analyzed exploit summary

This repository contains a functional exploit for CVE-2026-29053, targeting Ghost CMS <= 6.19.0 via a malicious theme with crafted Handlebars templates. The exploit leverages the `jsonpath` package's unsafe use of `static-eval` to achieve remote code execution.

Description

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.

Exploits (2)

nomisec WORKING POC
by AC8999 · poc
https://github.com/AC8999/CVE-2026-29053

This repository contains a functional exploit for CVE-2026-29053, targeting Ghost CMS <= 6.19.0 via a malicious theme with crafted Handlebars templates. The exploit leverages the `jsonpath` package's unsafe use of `static-eval` to achieve remote code execution.

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Ghost CMS <= 6.19.0
Auth required
Prerequisites: Admin access to upload and activate a malicious theme · Target running vulnerable Ghost CMS version
devstral-2 · analyzed Apr 22, 2026
nomisec WORKING POC
by rootxran · poc
https://github.com/rootxran/CVE-2026-29053

This repository contains a functional exploit for CVE-2026-29053, a Ghost CMS RCE vulnerability via prototype pollution in jsonpath/static-eval. The exploit generates a malicious theme that executes arbitrary code when uploaded and rendered.

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Ghost CMS <= 6.19.0
Auth required
Prerequisites: Admin access to upload themes · Ghost CMS with vulnerable jsonpath/static-eval versions
devstral-2 · analyzed Mar 12, 2026


Scores

CVSS v3 7.6
EPSS 0.0003
EPSS Percentile 9.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-74
Status published
Products (2)
ghost/ghost 0.7.2 - 6.19.1
npm/ghost 0.7.2 - 6.19.1
Published Mar 05, 2026
Tracked Since Mar 05, 2026