Threat actors are exploiting a critical SQL injection flaw in Ghost CMS (CVE-2026-26980) to inject malicious code and launch ClickFix attacks against over 700 websites.
A critical security vulnerability, CVE-2026-26980, has been actively exploited to hijack numerous websites using the Ghost CMS platform. The flaw, identified as an SQL injection vulnerability within the Ghost Content API, allows unauthenticated attackers to access and manipulate data. Threat actors are leveraging this vulnerability to inject malicious JavaScript, fueling sophisticated ClickFix attacks. The vulnerability has a CVSS score of 9.4, highlighting its extreme severity.