{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29053", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-03T17:50:11.244Z", "datePublished": "2026-03-05T05:51:41.166Z", "dateUpdated": "2026-03-05T15:29:27.533Z"}, "containers": {"cna": {"title": "Ghost Vulnerable to Remote Code Execution via Malicious Themes", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x"}], "affected": [{"vendor": "TryGhost", "product": "Ghost", "versions": [{"version": ">= 0.7.2, < 6.19.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-05T05:51:41.166Z"}, "descriptions": [{"lang": "en", "value": "Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1."}], "source": {"advisory": "GHSA-cgc2-rcrh-qr5x", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T15:29:20.298955Z", "id": "CVE-2026-29053", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:29:27.533Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29053", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-05T15:29:20.298955Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:29:24.112Z"}}], "cna": {"title": "Ghost Vulnerable to Remote Code Execution via Malicious Themes", "source": {"advisory": "GHSA-cgc2-rcrh-qr5x", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "TryGhost", "product": "Ghost", "versions": [{"status": "affected", "version": ">= 0.7.2, < 6.19.1"}]}], "references": [{"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x", "name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-05T05:51:41.166Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29053", "state": "PUBLISHED", "dateUpdated": "2026-03-05T15:29:27.533Z", "dateReserved": "2026-03-03T17:50:11.244Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-05T05:51:41.166Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "624FEA3A-AF23-44E2-B6BF-26785A03B807", "versionEndExcluding": "6.19.1", "versionStartIncluding": "0.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1."}, {"lang": "es", "value": "Ghost es un sistema de gesti\u00f3n de contenido Node.js. Desde la versi\u00f3n 0.7.2 hasta la 6.19.0, temas maliciosos espec\u00edficamente dise\u00f1ados pueden ejecutar c\u00f3digo arbitrario en el servidor que ejecuta Ghost. Este problema ha sido parcheado en la versi\u00f3n 6.19.1."}], "id": "CVE-2026-29053", "lastModified": "2026-03-09T18:40:22.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-05T06:16:50.410", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.7.2,6.19.1)"}}], "enrichment": {"confidence": 88.0, "confidence_source": "matching", "scores": [{"score": 88.0, "source": "matching"}]}, "original": {"product": "Ghost", "source": "cna", "vendor": "TryGhost"}, "product": "ghost", "vendor": "ghost"}], "analysis": {"en": {"generated_at": "2026-04-17T12:56:39.640301+00:00", "value": {"mitigation_remediation": ["Upgrade Ghost to version 6.19.1 or later to apply the vendor patch.", "Delete or replace any user\u2011installed themes that are not from a trusted source, especially those uploaded prior to 6.19.1.", "Enforce strict role\u2011based access control so that only authorized administrators can upload or modify themes, thereby limiting the attack surface."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "This issue affects Ghost versions from 0.7.2 through 6.19.0, inclusive. The vendor responsible for this product is TryGhost, and the component is the Ghost CMS running on Node.js. The vulnerability was patched in Ghost version 6.19.1 and later releases.", "description_and_impact": "Ghost, a Node.js Content Management System, contains a vulnerability that allows attackers to execute arbitrary code on the server by deploying specially crafted malicious themes. The flaw is a form of improper input handling, aligning with CWE-74. When a theme is installed, the CMS fails to validate the theme\u2019s contents, enabling attackers to run code with the privileges of the Ghost process.", "risk_and_exploitability": "The CVSS score of 7.7 indicates a high severity level, while an EPSS score of less than 1% indicates a low probability of exploitation at the time of this analysis. The vulnerability is not currently listed in the CISA KEV catalog. Based on the description, it is inferred that attackers who can upload or install a theme to an affected Ghost instance \u2013 for example by using the administrative interface or by directly placing theme files \u2013 may leverage the flaw to run arbitrary code on the host. The impact can be wide\u2011range, including full system compromise, data exfiltration, or lateral movement within the network."}}}}, "created": "2026-03-06T15:17:45.359235+00:00", "updated": "2026-04-17T13:00:12.021558+00:00", "vendors": ["ghost", "ghost$PRODUCT$ghost"]}