CVE-2026-24778

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-24778

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24778.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-24778

Aliases

Published

2026-01-27T21:57:45.298Z

Modified

2026-03-13T04:10:10.096613Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Ghost vulnerable to XSS via malicious Portal preview links

Details

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Ghost Portal versions 2.29.1 through 2.51.4 and 2.52.0 through 2.57.0 were vulnerable to this issue. Ghost automatically loads the latest patch of the members Portal component via CDN. For Ghost 5.x users, upgrading to v5.121.0 or later fixes the vulnerability. v5.121.0 loads Portal v2.51.5, which contains the patch. For Ghost 6.x users, upgrading to v6.15.0 or later fixes the vulnerability. v6.15.0 loads Portal v2.57.1, which contains the patch. For Ghost installations using a customized or self-hosted version of Portal, it will be necessary to manually rebuild from or update to the latest patch version.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24778.json"
}

References

Affected packages

Git / github.com/tryghost/ghost

Affected ranges

Type

GIT

Repo

https://github.com/tryghost/ghost

Events

Introduced

eafbb2856c6037789d11899b6dda01c25ba00bec

Fixed

9a3d66f39e6555123bbc17d8616aa1ce4ec93ca9

Introduced

5b8c97dcb46ae3d552a2f05531723f14c8f806a7

Fixed

f2f8bfb39db97d1d3b1798ef95aaacf7d66e6cf9

Fixed

da858e640e88e69c1773a7b7ecdc2008fa143849

Database specific

{
    "versions": [
        {
            "introduced": "5.43.0"
        },
        {
            "fixed": "5.121.0"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.15.0"
        }
    ]
}

Affected versions

@tryghost/admin-x-settings@0.*

@tryghost/admin-x-settings@0.0.2

@tryghost/admin-x-settings@0.0.3

@tryghost/admin-x-settings@0.0.4

@tryghost/admin-x-settings@0.0.5

@tryghost/admin-x-settings@0.0.6

@tryghost/admin-x-settings@0.0.7

@tryghost/admin-x-settings@0.0.8

@tryghost/announcement-bar@1.*

@tryghost/announcement-bar@1.1.6

@tryghost/announcement-bar@1.1.7

@tryghost/comments-ui@0.*

@tryghost/comments-ui@0.13.0

@tryghost/portal@2.*

@tryghost/portal@2.29.2

@tryghost/portal@2.29.3

@tryghost/portal@2.30.0

@tryghost/portal@2.30.1

@tryghost/portal@2.31.0

@tryghost/portal@2.31.1

@tryghost/portal@2.31.2

@tryghost/portal@2.32.0

@tryghost/portal@2.33.0

@tryghost/portal@2.33.1

@tryghost/portal@2.33.2

@tryghost/portal@2.33.3

@tryghost/portal@2.33.4

@tryghost/portal@2.36.5

@tryghost/portal@2.37.0

@tryghost/signup-form@0.*

@tryghost/signup-form@0.0.1

@tryghost/signup-form@0.0.3

@tryghost/signup-form@0.1.0

@tryghost/signup-form@0.1.1

@tryghost/signup-form@0.1.2

@tryghost/signup-form@0.1.3

v5.*

v5.100.0

v5.100.1

v5.101.0

v5.101.1

v5.101.2

v5.101.3

v5.101.4

v5.101.5

v5.101.6

v5.102.0

v5.103.0

v5.104.0

v5.104.1

v5.104.2

v5.105.0

v5.106.0

v5.106.1

v5.107.0

v5.107.1

v5.107.2

v5.108.0

v5.108.1

v5.108.2

v5.109.0

v5.109.1

v5.109.2

v5.109.3

v5.109.4

v5.109.5

v5.109.6

v5.110.0

v5.110.1

v5.110.2

v5.110.3

v5.110.4

v5.111.0

v5.112.0

v5.113.0

v5.113.1

v5.114.0

v5.114.1

v5.115.0

v5.115.1

v5.116.0

v5.116.1

v5.116.2

v5.117.0

v5.118.0

v5.118.1

v5.119.0

v5.119.1

v5.119.2

v5.119.3

v5.120.0

v5.120.1

v5.120.2

v5.120.3

v5.120.4

v5.43.0

v5.44.0

v5.45.0

v5.45.1

v5.46.0

v5.46.1

v5.47.0

v5.47.1

v5.47.2

v5.48.0

v5.48.1

v5.49.0

v5.49.1

v5.49.2

v5.49.3

v5.50.0

v5.50.1

v5.50.2

v5.50.3

v5.50.4

v5.51.0

v5.51.1

v5.51.2

v5.52.0

v5.52.1

v5.52.2

v5.52.3

v5.53.0

v5.53.1

v5.53.2

v5.53.3

v5.53.4

v5.54.0

v5.54.1

v5.54.2

v5.54.3

v5.54.4

v5.55.0

v5.55.1

v5.55.2

v5.56.0

v5.56.1

v5.57.0

v5.57.1

v5.57.2

v5.57.3

v5.58.0

v5.59.0

v5.59.1

v5.59.2

v5.59.3

v5.59.4

v5.60.0

v5.61.0

v5.61.1

v5.61.2

v5.61.3

v5.62.0

v5.63.0

v5.64.0

v5.65.0

v5.65.1

v5.66.0

v5.66.1

v5.67.0

v5.67.1

v5.68.0

v5.69.0

v5.69.1

v5.69.2

v5.69.3

v5.69.4

v5.70.0

v5.70.1

v5.70.2

v5.71.0

v5.71.1

v5.71.2

v5.72.0

v5.72.1

v5.72.2

v5.73.0

v5.73.1

v5.73.2

v5.74.0

v5.74.1

v5.74.2

v5.74.3

v5.74.4

v5.74.5

v5.75.0

v5.75.1

v5.75.2

v5.75.3

v5.76.0

v5.76.1

v5.76.2

v5.77.0

v5.78.0

v5.79.0

v5.79.1

v5.79.2

v5.79.3

v5.79.4

v5.79.5

v5.79.6

v5.80.0

v5.80.1

v5.80.2

v5.80.3

v5.80.4

v5.80.5

v5.81.0

v5.81.1

v5.82.0

v5.82.1

v5.82.10

v5.82.11

v5.82.12

v5.82.2

v5.82.3

v5.82.4

v5.82.5

v5.82.6

v5.82.7

v5.82.8

v5.82.9

v5.83.0

v5.84.0

v5.84.1

v5.84.2

v5.85.0

v5.85.1

v5.85.2

v5.86.0

v5.86.1

v5.86.2

v5.87.0

v5.87.1

v5.87.2

v5.87.3

v5.88.0

v5.88.1

v5.88.2

v5.88.3

v5.89.0

v5.89.1

v5.89.2

v5.89.3

v5.89.4

v5.89.5

v5.89.6

v5.90.0

v5.90.1

v5.90.2

v5.91.0

v5.92.0

v5.93.0

v5.94.0

v5.94.1

v5.94.2

v5.95.0

v5.96.0

v5.96.1

v5.96.2

v5.97.0

v5.97.1

v5.97.2

v5.97.3

v5.98.0

v5.98.1

v5.99.0

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "2.29.1"
            },
            {
                "fixed": "2.51.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "2.52.0"
            },
            {
                "fixed": "2.57.1"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24778.json"