Количество 3
Количество 3
CVE-2026-22595
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0.
CVE-2026-22595
Ghost is a Node.js content management system. In versions 5.121.0 thro ...
GHSA-9xg7-mwmp-xmjx
Ghost has Staff Token permission bypass
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-22595 Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0. | CVSS3: 8.1 | 0% Низкий | 10 дней назад |
| CVE-2026-22595 Ghost is a Node.js content management system. In versions 5.121.0 thro ... | CVSS3: 8.1 | 0% Низкий | 10 дней назад |
| GHSA-9xg7-mwmp-xmjx Ghost has Staff Token permission bypass | CVSS3: 8.1 | 0% Низкий | 12 дней назад |
Уязвимостей на страницу