Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code that fuels ClickFix attacks. The activity highlights a significant risk for websites using the affected content management system.
According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980, which has a CVSS score of 9.4. This is an SQL injection vulnerability found in Ghost's Content API. It could allow an unauthenticated attacker to read arbitrary data from the system.
