SECURITYTHE HACKER NEWS
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Threat actors are exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript into over 700 websites for ClickFix attacks. QiAnXin XLab reported the exploit, which leverages an unauthenticated API flaw with a CVSS score of 9.4 to exfiltrate data and deploy malware.
Mentioned
Related Signal
Adjacent reporting
- LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
- Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
- MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
- Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
- LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
- Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV