Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-dqj6-6jfr-37ca
Vulnerability ID VCID-dqj6-6jfr-37ca
Aliases CVE-2026-22597
GHSA-vmc4-9828-r48r
Summary Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-918 Server-Side Request Forgery (SSRF)
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2026-22597
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2026-22597
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2026-22597
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-vmc4-9828-r48r
cvssv4 5.1 https://github.com/TryGhost/Ghost
generic_textual MODERATE https://github.com/TryGhost/Ghost
cvssv4 5.1 https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9
generic_textual MODERATE https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9
ssvc Track https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9
cvssv4 5.1 https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51
generic_textual MODERATE https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51
ssvc Track https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51
cvssv3.1_qr MODERATE https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r
cvssv4 5.1 https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r
generic_textual MODERATE https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r
ssvc Track https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r
cvssv4 5.1 https://nvd.nist.gov/vuln/detail/CVE-2026-22597
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2026-22597
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-22597
15d49131ff4aac3aca8642501c793f01f2bfcbb9 https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9
93add549ccf079d8e28bdb724fbb71a76942ff51 https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51
CVE-2026-22597 https://nvd.nist.gov/vuln/detail/CVE-2026-22597
GHSA-vmc4-9828-r48r https://github.com/advisories/GHSA-vmc4-9828-r48r
GHSA-vmc4-9828-r48r https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Found at https://github.com/TryGhost/Ghost
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Found at https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T15:33:44Z/ Found at https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Found at https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T15:33:44Z/ Found at https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Found at https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T15:33:44Z/ Found at https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-22597
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.10164
EPSS Score 0.00033
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T16:52:58.942685+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2026/22xxx/CVE-2026-22597.json 38.6.0