Platform: nodejs
Component: ghost
Fixed in: 5.101.7, 6.19.3
CVE-2026-29784 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in Ghost CMS. This flaw allows attackers to potentially exploit login sessions, increasing the risk of unauthorized access and site takeover. The vulnerability impacts versions 5.101.6 through 6.19.2 and has been resolved in version 6.19.3.
The vulnerability lies in incomplete CSRF protections surrounding the /session/verify endpoint. An attacker could craft malicious requests that, if successful, would allow them to use One-Time Codes (OTCs) within login sessions different from the one being actively used by a legitimate user. This significantly lowers the barrier for phishing attacks, as an attacker could potentially trick a user into unknowingly triggering a request that compromises their Ghost site. The blast radius extends to any Ghost site running the vulnerable versions, potentially exposing sensitive data and allowing for complete site control.
This vulnerability was publicly disclosed on March 5, 2026. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog at the time of writing. Given the nature of CSRF vulnerabilities, it's reasonable to assume that attackers may attempt to exploit this flaw, especially if a public exploit is released.
Ghost CMS users, particularly those running self-hosted instances and relying on OTC authentication, are at risk. Shared hosting environments where multiple Ghost sites share the same server infrastructure could also be affected, as a compromise of one site could potentially lead to lateral movement.
• nodejs / server: ps aux | grep ghost
• nodejs / server: npm list [email protected]
• generic web: Check the X-Content-Type-Options header in response headers to ensure it's set to nosniff to mitigate some CSRF risks.
Exploit status: disclosure
EPSS: 0.02% (5th percentile)
The primary mitigation is to upgrade Ghost CMS to version 6.19.3 or later, which includes the necessary fix. For self-hosted instances using Docker, update the Ghost Docker image to the latest version. If immediate upgrading is not feasible, consider implementing stricter Content Security Policy (CSP) headers to limit the origins from which scripts can be executed. While not a complete solution, this can reduce the attack surface. Regularly review and audit your Ghost CMS configuration for any unusual activity.
Update Ghost to version 6.19.3 or later. This version fixes the incomplete CSRF protections that allowed OTCs to be used in login sessions other than the requesting one. The update mitigates the risk of attackers taking over the site.
CVE-2026-29784 is a Cross-Site Request Forgery vulnerability in Ghost CMS versions 5.101.6 to 6.19.2, allowing attackers to potentially take over login sessions.
You are affected if you are running Ghost CMS versions 5.101.6 through 6.19.2. Upgrade to 6.19.3 or later to resolve the issue.
Upgrade Ghost CMS to version 6.19.3 or later. For Docker users, update the Ghost Docker image. Consider implementing stricter CSP headers as a temporary measure.
There are currently no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the official Ghost blog and security advisories for the latest information: https://ghost.org/security/