CRITICALVulnerability
Global

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

·Source: BleepingComputer

Updated:

Executive Summary

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]

Analysis

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]

Indicators of Compromise (1)

CVE (1)
CVE-2026-26980
NVDMITRE CVE
Source Attribution

Originally published by BleepingComputer on May 24, 2026.

Related Threats

MEDIUMVulnerabilityNEW

Mastercard asks Brazilian payment processors to split Will losses

Mastercard is asking Brazilian payment processors to absorb some of nearly $1 billion in losses connected to the failure of Banco Masters.

Finextra
MEDIUMVulnerabilityNEW

PowerSchool’s $17.25 Million Settlement Exposes Years of Student Data Tracking

If you ask most people what breach PowerSchool experienced, their first response might be the 2024 hacking incident that affected tens of millions of students. But even before that breach, there was another significant breach involving PowerSchool that began in 2021. Colin Lee and Koji Edmunds report: In early April, many students across the world... Source

DataBreaches.net
CRITICALVulnerability

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost's Content API that could allow an unauthenticated attacker to read arbitrary data from the

CVE-2026-26980
The Hacker News