Ghost CMS Vulnerability Exploited to Hack Over 700 Websites

A patched SQL injection vulnerability in the Ghost CMS, tracked as CVE-2026-26980, has been mass-exploited to compromise more than 700 websites. Attackers used stolen Admin API keys to inject malicious JavaScript loaders for ClickFix attacks, affecting sites linked to DuckDuckGo, Harvard University, and Oxford University.

Key Points

  • CVE-2026-26980 is an SQL injection flaw in Ghost CMS.
  • The issue can let unauthenticated attackers steal sensitive data from the Ghost database.
  • Threat actors used the flaw to obtain Admin API Keys from unpatched sites.
  • Malicious JavaScript loaders were injected to support ClickFix attacks.
  • More than 700 websites were compromised, including major organizations.

Read More: https://www.securityweek.com/ghost-cms-vulnerability-exploited-to-hack-over-700-websites/