CVE-2026-53945
Published 2026-06-24
Priority: P4
CVSS 3.1: 4.0 (medium), vector AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS: 0.14% (3.8th percentile)
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. This vulnerability is fixed in 6.21.1.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tryghost | ghost | >= 6.0.9, < 6.21.1 | 6.21.1 |
Suricata rules indexed under this CVE number

Note: both rules below reference CVE-2024-53945, a command-injection flaw in Kuwfi networking equipment, not the Ghost vulnerability (CVE-2026-53945) described above; they do not detect the DNS-rebinding issue.

ET WEB_SPECIFIC_APPS Kuwfi atCmd cmds Parameter Command Injection Attempt M2 (CVE-2024-53945)
suricata · 2026-01-08 · CVSS 8.8 · CVE-2024-53945 [HIGH]
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Kuwfi atCmd cmds Parameter Command Injection Attempt M2 (CVE-2024-53945)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:27; content:"/goform/atCmd"; fast_pattern; http.request_body; content:"cmds|3d|"; pcre:"/^[^\x26]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/R"; reference:url,github.com/actuator/cve/blob/main/Kuwfi/CVE-2024-53945.txt; reference:cve,2024-53945; classtype:attempted-admin; sid:2066634; rev:1; metadata:affected_product Kuwfi, attack_target Networking_Equipment, tls_state plaintext, created_at 2026_01_08, cve CVE_2024_53945, deployment Perimeter, depl

ET WEB_SPECIFIC_APPS Kuwfi formMultiApnSetting pincode Parameter Command Injection Attempt M1 (CVE-2024-53945)
suricata · 2026-01-08 · CVSS 8.8 · CVE-2024-53945 [HIGH]
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Kuwfi formMultiApnSetting pincode Parameter Command Injection Attempt M1 (CVE-2024-53945)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:27; content:"/goform/formMultiApnSetting"; fast_pattern; http.request_body; content:"pincode|3d|"; pcre:"/^[^\x26]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/R"; reference:url,github.com/actuator/cve/blob/main/Kuwfi/CVE-2024-53945.txt; reference:cve,2024-53945; classtype:attempted-admin; sid:2066632; rev:1; metadata:affected_product Kuwfi, attack_target Networking_Equipment, tls_state plaintext, created_at 2026_01
No public exploits indexed.
No writeups or analysis indexed.