Platform
nodejs
Component
ghost
Fixed in
6.0.1
5.38.1
5.130.7
6.11.1
6.11.0
CVE-2026-22597 describes a Server-Side Request Forgery (SSRF) vulnerability within the media inliner mechanism of Ghost CMS. This flaw allows authenticated staff users possessing a valid Ghost Admin API token to potentially exfiltrate data from internal systems. The vulnerability affects versions 5.38.0 through 5.130.5, and versions 6.0.0 through 6.10.3, with a fix available in version 6.11.0.
An attacker exploiting this SSRF vulnerability could leverage a staff user's authentication token to initiate requests to internal resources that are not directly accessible from the internet. This could lead to the exposure of sensitive data stored within the internal network, such as configuration files, database credentials, or other confidential information. The impact is limited to authenticated staff users; unauthenticated attackers cannot directly trigger the vulnerability. While the CVSS score is LOW, the potential for data exfiltration within a trusted network warrants prompt remediation.
This vulnerability was discovered and responsibly disclosed by Sho Odagiri of GMO Cybersecurity by Ierae, Inc. No public proof-of-concept (PoC) code has been released as of the publication date. The vulnerability is not currently listed on the CISA KEV catalog. Given the LOW CVSS score and lack of public exploits, the probability of active exploitation is currently considered low.
Organizations utilizing Ghost CMS for their blogging or content management needs are at risk, particularly those with staff users who have access to the Ghost Admin API. Deployments with complex internal network architectures and sensitive data stored on internal servers are at higher risk, as the SSRF vulnerability could be used to bypass network segmentation and access this data.
• nodejs / server:
journalctl -u ghost | grep -i "ssrf"
• nodejs / server:
ps aux | grep -i "ghost" | grep -i "inliner"
• generic web: Use curl to probe internal endpoints accessible from the Ghost CMS server. Look for unexpected responses or data leakage.
curl -v http://<internal_ip>/<sensitive_endpoint>
Disclosure
Exploit status
EPSS
0.06% (18th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-22597 is to upgrade Ghost CMS to version 6.11.0 or later, which includes a fix for the SSRF vulnerability. If upgrading immediately is not feasible, consider restricting the network access of the Ghost CMS server to minimize the potential impact of a successful SSRF attack. Review and audit the permissions granted to staff users to ensure they adhere to the principle of least privilege. Implement a Web Application Firewall (WAF) with SSRF protection rules to filter outbound requests and block malicious attempts.
Update Ghost to version 5.130.6 or later, or to version 6.11.0 or later. This fixes the SSRF vulnerability in the media inliner mechanism. The update can be performed through the Ghost Admin panel or from the command line.
CVE-2026-22597 is a Server-Side Request Forgery vulnerability in Ghost CMS versions 5.38.0 - 5.130.5 and 6.0.0 - 6.10.3, allowing authenticated staff users to exfiltrate data.
You are affected if you are running Ghost CMS versions 5.38.0 - 5.130.5 or 6.0.0 - 6.10.3 and have staff users with access to the Ghost Admin API.
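To turn the affected ranges quoted above (and in the first paragraph of this page) into a repeatable triage check, here is an added example that is not Ghost's own code. It encodes the two inclusive ranges from this advisory and reports whether a version string lies inside them. The package.json text in the demonstration is constructed; on a real host the caller reads the Ghost install's package.json (the path under the install directory is an assumption about the deployment, not something this page states) and passes its contents in.

```javascript
// Added triage example (not Ghost's code): is this Ghost version in an affected range?

// Inclusive ranges this advisory lists as affected by CVE-2026-22597.
const AFFECTED_RANGES = [
  { from: [5, 38, 0], to: [5, 130, 5] },
  { from: [6, 0, 0], to: [6, 10, 3] },
];

// Parse "6.11.0", "v6.11.0" or "6.11.0-beta.1" into [major, minor, patch].
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(text).trim());
  if (!m) throw new Error(`unrecognised version string: ${JSON.stringify(text)}`);
  return m.slice(1, 4).map(Number);
}

// Compare two [major, minor, patch] triples: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version lies inside one of the affected ranges.
function isAffected(version) {
  const v = parseVersion(version);
  return AFFECTED_RANGES.some(
    (r) => compareVersions(v, r.from) >= 0 && compareVersions(v, r.to) <= 0,
  );
}

// Extract the installed version from package.json text. Reading the file is left
// to the caller (fs.readFileSync on the install's package.json; the location is
// deployment-specific and assumed here, not stated by the advisory).
function versionFromPackageJson(jsonText) {
  const pkg = JSON.parse(jsonText);
  if (pkg.name !== 'ghost' || typeof pkg.version !== 'string') {
    throw new Error('not a Ghost package.json');
  }
  return pkg.version;
}

// Constructed sample input for the demonstration.
const SAMPLE_PACKAGE_JSON = JSON.stringify({ name: 'ghost', version: '6.10.3' });

const samples = ['5.37.9', '5.38.0', '5.130.5', '5.130.6', '6.11.0', versionFromPackageJson(SAMPLE_PACKAGE_JSON)];
for (const v of samples) {
  console.log(`${v}: ${isAffected(v) ? 'AFFECTED' : 'not affected'}`);
}
```

The boundary versions are the ones worth checking by hand: 5.130.5 and 6.10.3 are the last affected releases in each line, and 5.130.6 and 6.11.0 are the first outside the ranges.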
Upgrade Ghost CMS to version 6.11.0 or later to resolve the SSRF vulnerability.
There are currently no reports of active exploitation, but the potential for data exfiltration warrants prompt remediation.
Refer to the Ghost CMS security advisory for detailed information and updates: [https://ghost.org/security/advisories/CVE-2026-22597](https://ghost.org/security/advisories/CVE-2026-22597)