Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code, affecting users of the affected software. The attack targets users of Ghost CMS, a popular content management system. The attack vector is a SQL injection vulnerability.

1. Ghost CMS SQL injection vulnerability (CVE-2026-26980)
2. The vulnerability is critical and allows for the injection of malicious JavaScript code.
3. The attack chain involves injecting malicious JavaScript code that triggers ClickFix attack flows.
4. Detection opportunities may include unusual database queries or suspicious JavaScript code execution.

T1190 Exploit Public-Facing Application

Apply the latest patch for Ghost CMS to address the SQL injection vulnerability (CVE-2026-26980).