Critical Alert 4 Active Exploits Detected Today

CVE-2026-56155 Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability →
CVE-2026-56164 Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability →
CVE-2026-15409 SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability →
CVE-2026-15410 SonicWall SMA1000 Appliances Code Injection Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower


← Back to CVE List

CVE-2026-26980NVD

Vulnerability Summary

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
Severity Level
CRITICAL(9.4)
Published Date
Feb 20, 2026
Last Modified
May 26, 2026
Exploitation Status
No confirmed exploitation yet
EPSS Score (30-Day)
70.00%Probability
Root Weakness (CWE)
Improper neutralization of special elements used in an SQL command, allowing attackers to modify queries.
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityLow