CVE-2026-22597

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2026-22597

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22597.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-22597

Aliases

Published

2026-01-10T02:57:36.898Z

Modified

2026-01-15T05:55:58.515221Z

Severity

5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N CVSS Calculator

Summary

Ghost has SSRF via External Media Inliner

Details

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0.

Database specific

{
    "cwe_ids": [
        "CWE-918"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22597.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/tryghost/ghost

Affected ranges

Type

GIT

Repo

https://github.com/tryghost/ghost

Events

Introduced

5b8c97dcb46ae3d552a2f05531723f14c8f806a7

Fixed

67e137d8b0dd70cd5f486bfeea5d1643cee06104

Database specific

{
    "versions": [
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.11.0"
        }
    ]
}

Type

GIT

Repo

https://github.com/tryghost/ghost

Events

Introduced

c5b116e2b0fe0ce0dc51b25473bd9da0550996ed

Fixed

a07c753c8a08c38d264b429b2a19873b152c097a

Database specific

{
    "versions": [
        {
            "introduced": "5.38.0"
        },
        {
            "fixed": "5.130.6"
        }
    ]
}

Affected versions

@tryghost/admin-x-settings@0.*

@tryghost/admin-x-settings@0.0.2

@tryghost/admin-x-settings@0.0.3

@tryghost/admin-x-settings@0.0.4

@tryghost/admin-x-settings@0.0.5

@tryghost/admin-x-settings@0.0.6

@tryghost/admin-x-settings@0.0.7

@tryghost/admin-x-settings@0.0.8

@tryghost/announcement-bar@1.*

@tryghost/announcement-bar@1.1.6

@tryghost/announcement-bar@1.1.7

@tryghost/comments-ui@0.*

@tryghost/comments-ui@0.13.0

@tryghost/portal@2.*

@tryghost/portal@2.26.0

@tryghost/portal@2.27.0

@tryghost/portal@2.28.0

@tryghost/portal@2.28.1

@tryghost/portal@2.29.0

@tryghost/portal@2.29.1

@tryghost/portal@2.29.2

@tryghost/portal@2.29.3

@tryghost/portal@2.30.0

@tryghost/portal@2.30.1

@tryghost/portal@2.31.0

@tryghost/portal@2.31.1

@tryghost/portal@2.31.2

@tryghost/portal@2.32.0

@tryghost/portal@2.33.0

@tryghost/portal@2.33.1

@tryghost/portal@2.33.2

@tryghost/portal@2.33.3

@tryghost/portal@2.33.4

@tryghost/portal@2.36.5

@tryghost/portal@2.37.0

@tryghost/signup-form@0.*

@tryghost/signup-form@0.0.1

@tryghost/signup-form@0.0.3

@tryghost/signup-form@0.1.0

@tryghost/signup-form@0.1.1

@tryghost/signup-form@0.1.2

@tryghost/signup-form@0.1.3

v5.*

v5.100.0

v5.100.1

v5.101.0

v5.101.1

v5.101.2

v5.101.3

v5.101.4

v5.101.5

v5.101.6

v5.102.0

v5.103.0

v5.104.0

v5.104.1

v5.104.2

v5.105.0

v5.106.0

v5.106.1

v5.107.0

v5.107.1

v5.107.2

v5.108.0

v5.108.1

v5.108.2

v5.109.0

v5.109.1

v5.109.2

v5.109.3

v5.109.4

v5.109.5

v5.109.6

v5.110.0

v5.110.1

v5.110.2

v5.110.3

v5.110.4

v5.111.0

v5.112.0

v5.113.0

v5.113.1

v5.114.0

v5.114.1

v5.115.0

v5.115.1

v5.116.0

v5.116.1

v5.116.2

v5.117.0

v5.118.0

v5.118.1

v5.119.0

v5.119.1

v5.119.2

v5.119.3

v5.120.0

v5.120.1

v5.120.2

v5.120.3

v5.120.4

v5.121.0

v5.122.0

v5.123.0

v5.124.0

v5.125.0

v5.125.1

v5.126.0

v5.127.0

v5.127.1

v5.127.2

v5.128.0

v5.128.1

v5.129.0

v5.129.1

v5.129.2

v5.130.0

v5.130.1

v5.130.2

v5.130.3

v5.130.4

v5.130.5

v5.38.0

v5.39.0

v5.40.0

v5.40.1

v5.40.2

v5.41.0

v5.42.0

v5.42.1

v5.42.2

v5.42.3

v5.43.0

v5.44.0

v5.45.0

v5.45.1

v5.46.0

v5.46.1

v5.47.0

v5.47.1

v5.47.2

v5.48.0

v5.48.1

v5.49.0

v5.49.1

v5.49.2

v5.49.3

v5.50.0

v5.50.1

v5.50.2

v5.50.3

v5.50.4

v5.51.0

v5.51.1

v5.51.2

v5.52.0

v5.52.1

v5.52.2

v5.52.3

v5.53.0

v5.53.1

v5.53.2

v5.53.3

v5.53.4

v5.54.0

v5.54.1

v5.54.2

v5.54.3

v5.54.4

v5.55.0

v5.55.1

v5.55.2

v5.56.0

v5.56.1

v5.57.0

v5.57.1

v5.57.2

v5.57.3

v5.58.0

v5.59.0

v5.59.1

v5.59.2

v5.59.3

v5.59.4

v5.60.0

v5.61.0

v5.61.1

v5.61.2

v5.61.3

v5.62.0

v5.63.0

v5.64.0

v5.65.0

v5.65.1

v5.66.0

v5.66.1

v5.67.0

v5.67.1

v5.68.0

v5.69.0

v5.69.1

v5.69.2

v5.69.3

v5.69.4

v5.70.0

v5.70.1

v5.70.2

v5.71.0

v5.71.1

v5.71.2

v5.72.0

v5.72.1

v5.72.2

v5.73.0

v5.73.1

v5.73.2

v5.74.0

v5.74.1

v5.74.2

v5.74.3

v5.74.4

v5.74.5

v5.75.0

v5.75.1

v5.75.2

v5.75.3

v5.76.0

v5.76.1

v5.76.2

v5.77.0

v5.78.0

v5.79.0

v5.79.1

v5.79.2

v5.79.3

v5.79.4

v5.79.5

v5.79.6

v5.80.0

v5.80.1

v5.80.2

v5.80.3

v5.80.4

v5.80.5

v5.81.0

v5.81.1

v5.82.0

v5.82.1

v5.82.10

v5.82.11

v5.82.12

v5.82.2

v5.82.3

v5.82.4

v5.82.5

v5.82.6

v5.82.7

v5.82.8

v5.82.9

v5.83.0

v5.84.0

v5.84.1

v5.84.2

v5.85.0

v5.85.1

v5.85.2

v5.86.0

v5.86.1

v5.86.2

v5.87.0

v5.87.1

v5.87.2

v5.87.3

v5.88.0

v5.88.1

v5.88.2

v5.88.3

v5.89.0

v5.89.1

v5.89.2

v5.89.3

v5.89.4

v5.89.5

v5.89.6

v5.90.0

v5.90.1

v5.90.2

v5.91.0

v5.92.0

v5.93.0

v5.94.0

v5.94.1

v5.94.2

v5.95.0

v5.96.0

v5.96.1

v5.96.2

v5.97.0

v5.97.1

v5.97.2

v5.97.3

v5.98.0

v5.98.1

v5.99.0

v6.*

v6.0.0

v6.0.1

v6.0.10

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.7

v6.0.8

v6.0.9

v6.1.0

v6.10.0

v6.10.1

v6.10.2

v6.10.3

v6.2.0

v6.3.0

v6.3.1

v6.4.0

v6.5.0

v6.5.1

v6.5.2

v6.5.3

v6.6.0

v6.7.0

v6.8.0

v6.8.1

v6.9.0

v6.9.1

v6.9.2

v6.9.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22597.json"