Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code, affecting users of the platform. The attack vector is a SQL injection flaw, which allows attackers to inject malicious code. This vulnerability is critical and requires immediate attention.

1. Ghost CMS is vulnerable to a critical SQL injection flaw (CVE-2026-26980) that allows attackers to inject malicious JavaScript code.
2. The vulnerability affects users of Ghost CMS, and the exploitability is high due to the large-scale campaign.
3. The attack chain involves injecting malicious JavaScript code that triggers ClickFix attack flows, which can lead to further exploitation.
4. Detection opportunities include monitoring for suspicious JavaScript code execution and unusual database activity.

T1059.001 SQL Injection

Apply the latest patch for Ghost CMS to address the SQL injection vulnerability (CVE-2026-26980) and prevent further exploitation.