cbcvebase.
CVE-2026-53945
published 2026-06-24

Priority: P4 | 21 | medium | 4 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS: 0.14% (3.8th percentile)

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. This vulnerability is fixed in 6.21.1.

Affected

1 range
Vendor | Product | Version range | Fixed in
tryghost | ghost