cbcvebase.
CVE-2026-29053
published 2026-03-05

CVE-2026-29053: Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server…

PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.37%
29.0th percentile
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.

Affected

3 ranges
VendorProductVersion rangeFixed in
ghostghost>= 0.7.2 < 6.19.16.19.1
ghostghost>= 0.7.2 < 6.19.16.19.1
tryghostghost
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.