Hackers Exploit Ghost CMS CVE-2026
Source: Cybersecuritynews
Published:
<p>A critical SQL injection flaw in Ghost CMS has been weaponized by at least two threat actor groups to silently poison over 700 websites with ClickFix malware, putting unsuspecting visitors at serious risk. The vulnerability, tracked as CVE-2026-26980, was publicly disclosed as early as February 1