Platform: nodejs
Component: ghost
Fixed in: 5.101.7, 6.19.3
CVE-2026-29784 is a Cross-Site Request Forgery (CSRF) vulnerability in Ghost CMS. It lets an attacker interfere with the login flow of a legitimate user, raising the risk of unauthorized access and site takeover. Affected versions are 5.101.6 through 6.19.2; the fix ships in 6.19.3 (and in 5.101.7 for the 5.x line, per the fixed-in field above).
The flaw is incomplete CSRF protection on the /session/verify endpoint, the step at which a One-Time Code (OTC) is submitted to complete a login. Because the check did not bind the OTC to the login session that requested it, an attacker could get an OTC accepted in a session other than the one the legitimate user was actively using. In practice this lowers the bar for phishing: a user who is tricked into loading an attacker-controlled page can trigger a request to /session/verify without realising it, and the outcome can be control of the Ghost site. Every Ghost site on an affected version is in scope; a compromised admin session exposes site content and settings and allows complete control of the site.
The vulnerability was publicly disclosed on March 5, 2026. No public proof-of-concept exploit is known, and the CVE is not listed in the CISA KEV catalog at the time of writing. CSRF issues are cheap to weaponise once the request shape is known, so exploitation attempts should be expected if a public exploit appears.
Ghost CMS users are at risk, particularly self-hosted instances that rely on OTC authentication. Shared hosting environments where several Ghost sites run on the same server infrastructure could also be affected, since a compromise of one site may give an attacker a foothold for lateral movement to others.
• nodejs / server: `ps aux | grep ghost` to confirm a Ghost process is running on the host.
• nodejs / server: `npm list ghost` in the Ghost install directory (or `ghost version` where Ghost-CLI is used) to read the installed version; compare it with the fixed releases 5.101.7 and 6.19.3.
• generic web: no response header reliably indicates whether this fix is present. X-Content-Type-Options: nosniff is a MIME-sniffing control and does not mitigate CSRF; confirm the installed version instead.
Disclosure: March 5, 2026
Exploit status: no public proof-of-concept known; not listed in CISA KEV
EPSS: 0.02% (5th percentile)
The primary mitigation is to upgrade Ghost CMS to version 6.19.3 or later (or 5.101.7 or later on the 5.x line), which contains the fix. For self-hosted instances running Docker, pull the latest Ghost image and recreate the container. Note that a Content Security Policy does not block cross-site requests: CSRF needs no script execution on the victim site, so stricter CSP headers are not a mitigation for this issue and should not be relied on as one. If upgrading is delayed, limit who can reach the Ghost admin endpoints (for example by restricting access to them at the reverse proxy) and review the site's user list and recent logins for anything unexpected.
Update Ghost to version 6.19.3 or higher. This release fixes the incomplete CSRF protections that allowed OTCs to be used in login sessions other than the one that requested them. Updating removes the route by which attackers could gain control of the site.
CVE-2026-29784 is a Cross-Site Request Forgery vulnerability in Ghost CMS versions 5.101.6 to 6.19.2 that lets an attacker get a One-Time Code accepted in a login session other than the one that requested it, potentially leading to site takeover.
You are affected if you run Ghost CMS versions 5.101.6 through 6.19.2. Upgrade to 6.19.3 or later (5.101.7 or later on the 5.x line) to resolve the issue.
Upgrade Ghost CMS to version 6.19.3 or later. For Docker users, update the Ghost Docker image and recreate the container. CSP headers do not stop CSRF; until you can upgrade, restrict access to the admin endpoints instead.
There are currently no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the official Ghost blog and security advisories for the latest information: https://ghost.org/security/