Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

CVE-2026-26980 is a CVSS 9.5 unauthenticated SQL injection in the Ghost CMS Content API affecting all versions from 3.24.0 through 6.19.0, patched in v6.19.1 released February 19, 2026. Active exploitation across 700+ domains has been reported, with attackers extracting admin API keys and injecting malicious JavaScript to redirect site visitors into ClickFix payload delivery. Organizations in education, fintech, and media are confirmed affected.

Author

Tech Jacks Solutions