BIT-ghost-2026-29053

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/ghost/BIT-ghost-2026-29053.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-ghost-2026-29053

Aliases

CVE-2026-29053
GHSA-cgc2-rcrh-qr5x

Published

2026-03-07T08:42:59.400Z

Modified

2026-03-07T09:41:04.560861Z

Summary

Ghost Vulnerable to Remote Code Execution via Malicious Themes

Details

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.

Database specific

{
    "cpes": [
        "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / ghost

Package

Name: ghost
Purl: pkg:bitnami/ghost

Severity

7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0.7.2

Fixed

6.19.1

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/ghost/BIT-ghost-2026-29053.json"