A vulnerability patched a few months ago in the Ghost content management system (CMS) has been exploited to hack hundreds of websites, including ones belonging to major organizations, according to Chinese cybersecurity company Qianxin.

The exploited vulnerability is tracked as CVE-2026-26980. Its existence came to light in February, when it was patched.

Ghost is a widely used open-source CMS designed specifically for blogging, newsletters, and publishing, offering built-in tools for memberships, subscriptions, and audience monetization. According to its developer, Ghost is actively used by over 100,000 websites.

When CVE-2026-26980 was disclosed, SentinelOne warned that the vulnerability, an SQL injection flaw, can be exploited by unauthenticated attackers to extract sensitive data from the Ghost database. The security firm noted that an attacker could obtain authentication tokens, user credentials, and website content.

Qianxin reported last week that CVE-2026-26980 has been exploited in mass attacks against unpatched Ghost instances.