CNNVD-202601-1753 Information
CNNVD ID
CNNVD-202601-1753
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
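Ghost is a hosting service open-sourced by Ghost. Ghost versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3 contain a security vulnerability. It stems from a flaw in the way Ghost handles staff token authentication, which may allow improper access to certain endpoints that are meant to be accessible only via staff session authentication.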
Description (English)
Ghost is a hosting service open-sourced by Ghost. Versions 5.121.0 to 5.130.5 and 6.0.0 to 6.10.3 contain a security vulnerability, which stems from a flaw in the way Ghost processes staff token authentication and may lead to improper access to certain endpoints that are restricted to staff session authentication.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Ghost
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/TryGhost/Ghost/commit/9513d2a35c21067127ce8192443d8919ddcefcc8
https://github.com/TryGhost/Ghost/commit/c3017f81a5387b253a7b8c1ba1959d430ee536a3
https://github.com/TryGhost/Ghost/security/advisories/GHSA-9xg7-mwmp-xmjx
Patch
https://github.com/TryGhost/Ghost/releases