× EU ICT Risk Newsroom DORA News On the Horizon ΑΙ Cybersec Space Cyber Alerts GDPR News EU CERT Advisories ICT Governance ESA/NCAs Contact

Major Ghost CMS SQL injection vulnerability exploited in ClickFix campaign.

Newsroom - 24 May 2026 - 17:12

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows.

Major Ghost CMS SQL injection vulnerability exploited in ClickFix campaign.

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows.

Ghost CMS SQL injection ClickFix vulnerability

Major Ghost CMS SQL injection vulnerability exploited in ClickFix campaign.

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows.

Subscribe for EU DORA and Banking ICT Risk news and insights