CVE-2026-29784

Source
https://cve.org/CVERecord?id=CVE-2026-29784
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29784.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-29784
Published
2026-03-07T15:30:38.331Z
Modified
2026-03-13T07:53:32.307906Z
Severity
  • 7.5 (High) CVSS v3.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (network attack vector, high attack complexity, no privileges required, user interaction required, scope unchanged, high confidentiality, integrity and availability impact)
Summary
Ghost: Incomplete CSRF protections around OTC use
Details

Ghost is a Node.js content management system. In versions 5.101.6 through 6.19.2, the CSRF protections on the /session/verify endpoint were incomplete: a one-time code (OTC) issued during login could be used to complete a login in a session other than the one that requested it. In some scenarios this could make it easier for a phisher who obtains a victim's OTC to take over a Ghost site. The issue is fixed in version 6.19.3, so affected installations should be upgraded to 6.19.3 or later.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29784.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-352"
    ]
}
Affected packages

Git / github.com/tryghost/ghost

Affected ranges

Type
GIT
Repo
https://github.com/tryghost/ghost
Affected versions

v5.*
v5.101.6
v5.102.0
v5.103.0
v5.104.0
v5.104.1
v5.104.2
v5.105.0
v5.106.0
v5.106.1
v5.107.0
v5.107.1
v5.107.2
v5.108.0
v5.108.1
v5.108.2
v5.109.0
v5.109.1
v5.109.2
v5.109.3
v5.109.4
v5.109.5
v5.109.6
v5.110.0
v5.110.1
v5.110.2
v5.110.3
v5.110.4
v5.111.0
v5.112.0
v5.113.0
v5.113.1
v5.114.0
v5.114.1
v5.115.0
v5.115.1
v5.116.0
v5.116.1
v5.116.2
v5.117.0
v5.118.0
v5.118.1
v5.119.0
v5.119.1
v5.119.2
v5.119.3
v5.120.0
v5.120.1
v5.120.2
v5.120.3
v5.120.4
v5.121.0
v5.122.0
v5.123.0
v5.124.0
v5.125.0
v5.125.1
v5.126.0
v5.127.0
v5.127.1
v5.127.2
v5.128.0
v5.128.1
v5.129.0
v5.129.1
v5.129.2
v5.130.0
v5.130.1
v5.130.2
v6.*
v6.0.0-alpha.2
v6.0.0-rc.0
v6.0.0-rc.1
v6.0.0-rc.2
v6.0.0-rc.3
v6.0.0
v6.0.1
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.0.10
v6.1.0
v6.2.0
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v6.5.1
v6.5.2
v6.5.3
v6.6.0
v6.7.0
v6.8.0
v6.8.1
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.10.0
v6.10.1
v6.10.2
v6.10.3
v6.11.0
v6.12.0
v6.12.1
v6.13.0
v6.13.1
v6.13.2
v6.14.0
v6.15.0
v6.16.0
v6.16.1
v6.17.0
v6.17.1
v6.17.2
v6.18.0
v6.18.2
v6.19.0
v6.19.1
v6.19.2
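An added helper, not part of the advisory, for checking an inventory of Ghost installations against the range this record gives (introduced 5.101.6, fixed 6.19.3; in OSV semantics the introduced version is inclusive and the fixed version exclusive). It parses the `v`-prefixed tags used in the list above, orders prereleases such as `v6.0.0-rc.3` below their release the way semver does, and reports which hosts fall inside the range. The host names and versions in the inventory are constructed.

```javascript
// Added helper, not from the advisory: is a given Ghost version inside the
// affected range recorded on this page?

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Semver-style prerelease ordering: dot-separated identifiers, numeric ones
// compared numerically and sorting before alphanumeric ones, shorter list first.
function comparePre(a, b) {
  const xs = a.split('.'), ys = b.split('.');
  for (let i = 0; i < Math.min(xs.length, ys.length); i++) {
    const x = xs[i], y = ys[i];
    const nx = /^\d+$/.test(x), ny = /^\d+$/.test(y);
    if (nx && ny) {
      if (Number(x) !== Number(y)) return Number(x) < Number(y) ? -1 : 1;
    } else if (nx) return -1;
    else if (ny) return 1;
    else if (x !== y) return x < y ? -1 : 1;
  }
  return Math.sign(xs.length - ys.length);
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i] ? -1 : 1;
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;  // a release sorts after its own prereleases
  if (pb.pre === null) return -1;
  return comparePre(pa.pre, pb.pre);
}

// Range from this record: introduced is inclusive, fixed is exclusive.
const AFFECTED_RANGES = [{ introduced: '5.101.6', fixed: '6.19.3' }];

function isAffected(version, ranges = AFFECTED_RANGES) {
  return ranges.some(r =>
    compareVersions(version, r.introduced) >= 0 &&
    compareVersions(version, r.fixed) < 0);
}

// Constructed inventory, as might be collected from `ghost version` per host.
const SAMPLE_INVENTORY = [
  { host: 'blog-1', version: '5.101.5' },
  { host: 'blog-2', version: 'v6.0.0-rc.3' },
  { host: 'blog-3', version: '6.19.2' },
  { host: 'blog-4', version: '6.19.3' },
];

function affectedHosts(inventory = SAMPLE_INVENTORY) {
  return inventory.filter(h => isAffected(h.version)).map(h => h.host);
}
```

Note that a prerelease of the fixed version (for example `6.19.3-rc.0`) sorts below `6.19.3` and is therefore still reported as affected, which is the conservative answer when the fix commit is not known to be in that build.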

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29784.json"