Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
Over Security - Cybersecurity news aggregator [Unofficial]
May 24, 2026
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows.
Discussion in the ATmosphere