Massive Attack on Ghost CMS: SQL Injection Vulnerability Exploited for ClickFix

Photo: BleepingComputer

Cybersecurity experts have identified active exploitation of a critical vulnerability in the Ghost CMS content management system. The issue involves an SQL injection, registered as CVE-2026-26980, which allows attackers to inject arbitrary JavaScript code into vulnerable websites.

Cybercriminals are leveraging this flaw to conduct a large-scale ClickFix campaign, redirecting users to malicious sites or executing unwanted actions in their browsers. The attack begins with the injection of a script that activates when a compromised site is visited, posing a threat to data confidentiality and end-user security.

According to analysts, websites that have not updated Ghost CMS to the latest secure version are at risk. Site owners are advised to check their platform version immediately and apply the necessary patches. Particular attention should be paid to monitoring for suspicious activity in server logs and on the client side, in visitors' browsers.
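One way to monitor the client side for injected JavaScript is to audit the `<script>` tags of each rendered page against a known-good baseline. The sketch below is an added example, not code from Ghost or from the researchers cited; the host allowlist, the inline-script baseline, the page URL and the sample HTML are all constructed assumptions.

```javascript
// Added example: flag <script> tags in a rendered page that are not in a baseline.
// ALLOWED_HOSTS, KNOWN_INLINE and SAMPLE_HTML are constructed values for illustration.
const ALLOWED_HOSTS = new Set(["blog.example.com", "cdn.jsdelivr.net"]);
// Inline scripts the site owner has reviewed, stored with whitespace stripped.
const KNOWN_INLINE = new Set(["window.themeConfig={dark:true};"]);

const normalize = (js) => js.replace(/\s+/g, "");

function auditScripts(html, pageUrl) {
  const findings = [];
  // Regex extraction is enough for an audit pass; a full HTML parser is stricter.
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(tagRe)) {
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (src) {
      const raw = src[1] ?? src[2] ?? src[3];
      let host = null;
      try {
        host = new URL(raw, pageUrl).hostname; // resolves relative and //host URLs
      } catch {
        host = null; // unparsable src is reported, not ignored
      }
      if (!host || !ALLOWED_HOSTS.has(host)) {
        findings.push({ type: "external", value: raw });
      }
      continue;
    }
    // JSON and JSON-LD blocks are data, not executed code.
    if (/\btype\s*=\s*["']?application\/(ld\+)?json/i.test(attrs)) continue;
    if (body.trim() && !KNOWN_INLINE.has(normalize(body))) {
      findings.push({ type: "inline", value: body.trim().slice(0, 80) });
    }
  }
  return findings;
}

// Constructed sample page: two baseline scripts, one data block, two unknown scripts.
const SAMPLE_HTML = `
<head>
<script type="application/ld+json">{"@type":"Article"}</script>
<script src="/assets/built/theme.js"></script>
<script>window.themeConfig = { dark: true };</script>
<script src="https://static.unknown-host.example/v.js"></script>
<script>loadOverlay("https://unknown-host.example/o");</script>
</head>`;

console.log(auditScripts(SAMPLE_HTML, "https://blog.example.com/post/"));
```

Running this on a schedule against the pages a site actually serves, and alerting on any non-empty result, surfaces script changes that were not part of a reviewed theme or settings update.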

Experts emphasize that such attacks can lead not only to data leaks but also to financial losses if attackers gain access to payment systems or user accounts. With the rise in cyberattacks on CMS platforms, experts urge strengthening web resource protection measures.
