VYPR
Critical severity9.4NVD Advisory· Published Feb 20, 2026· Updated May 26, 2026

CVE-2026-26980

CVE-2026-26980

Description

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ghostnpm
>= 3.24.0, < 6.19.16.19.1

Affected products

3

Patches

Vulnerability mechanics

References

7

News mentions

5