CNNVD-202601-1751 Information
CNNVD ID
CNNVD-202601-1751
Related CVE
- CNNVD Published: 2026-01-10
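Description (translated from Chinese)
Ghost is a hosted service from the open-source Ghost project. Ghost versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3 contain a code issue vulnerability. The vulnerability stems from a flaw in Ghost's media inlining mechanism, which may allow a staff user holding a valid Ghost Admin API authentication token to exfiltrate data from internal systems through server-side request forgery.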
Description (English)
Ghost is a hosted service from the open-source Ghost project. Ghost versions 5.38.0 to 5.130.5 and 6.0.0 to 6.10.3 contain a code issue vulnerability that stems from a flaw in Ghost's media inlining mechanism. The flaw may allow staff users with a valid Ghost Admin API authentication token to exfiltrate data from internal systems via server-side request forgery (SSRF).
Hazard Level
High
Vulnerability Type
Code Issue
Affected Vendor
Ghost
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9
https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51
https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r
Patch
https://github.com/TryGhost/Ghost/releases