Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

Summary + source link. No paywalls, no tracking.

Vulnerabilities 2026-05-24 10:12 Source: BleepingComputer

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]

Read original →