CVE-2026-29053
Remote Code Execution via Malicious Themes in Ghost CMS
Publication date: 2026-03-05
Last updated on: 2026-03-09
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ghost | ghost | 0.7.2 (inclusive) to 6.19.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-29053 is a high-severity remote code execution (RCE) vulnerability in the Ghost blogging platform, affecting versions from 0.7.2 up to and including 6.19.0.
The vulnerability exists because a specially crafted malicious theme, once installed, can execute arbitrary code on the server running Ghost.
Exploitation requires an attacker with high privileges (an account permitted to install themes), user interaction, and a complex set of preconditions, so it is not a drive-by attack; it matters wherever theme installation is delegated to several people or an administrative account may be compromised.
The issue was patched in version 6.19.1.
How can this vulnerability impact me?
This vulnerability can have severe impact, because it allows arbitrary code to be executed on the server hosting Ghost, with the privileges of the Ghost process.
- Confidentiality: significant loss of data confidentiality is possible.
- Integrity: significant modification of data is possible.
- Availability: significant impact on availability is possible.
Because the attacker must already hold high privileges and user interaction is required, the attack surface is narrower than for an unauthenticated flaw, but the consequences of a successful exploit remain serious.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability is triggered by installing a specially crafted malicious theme on Ghost versions 0.7.2 through 6.19.0, so detection has two parts: confirm whether the running Ghost version falls in the affected range, and determine whether any theme of untrusted or unverifiable origin is installed.
The available resources provide no specific commands for detecting this vulnerability directly on a network or system.
A practical approach is to read the Ghost version from the installation, then inventory the theme directories under the installation's content directory and verify the source and integrity of each theme, for example by comparing file hashes against the copy obtained from the theme's publisher.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Ghost to version 6.19.1 or later, where the issue is patched.
- Do not install themes from untrusted or unknown sources, and keep the set of accounts allowed to install themes as small as possible.
- If a malicious theme has already been installed, remove it promptly.
- Because the issue allows arbitrary code execution, treat a host where a malicious theme was installed as potentially compromised: analyze the installed themes and the server for evidence that the theme's code ran before the theme was removed.
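The detection and mitigation answers above both come down to the same two checks: is the running Ghost version inside the affected range, and what themes are installed and have they changed. The script below is an added example, not Ghost's own tooling or anything from the advisory. It assumes a Ghost-CLI style layout (version in `<root>/current/package.json`, falling back to `<root>/package.json`, themes under `<root>/content/themes`); the sample install it builds in a temporary directory is constructed here purely for demonstration.

```python
"""Audit a Ghost install for CVE-2026-29053 exposure: version range + theme inventory.

Added example, not Ghost's own tooling. Assumed layout: Ghost-CLI style, with the
running version in <root>/current/package.json (or <root>/package.json) and themes
under <root>/content/themes.
"""
import hashlib
import json
import tempfile
from pathlib import Path

AFFECTED_MIN = (0, 7, 2)   # first affected version (inclusive), per the advisory range
FIXED = (6, 19, 1)         # first fixed version (exclusive end of the range)


def parse_version(text):
    """'v6.19.0-rc.1' -> (6, 19, 0); pre-release and build suffixes are ignored."""
    core = text.strip().lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version_text):
    """True when 0.7.2 <= version < 6.19.1."""
    return AFFECTED_MIN <= parse_version(version_text) < FIXED


def read_ghost_version(root):
    """Read the version field from package.json (assumed Ghost-CLI layout)."""
    for candidate in (Path(root) / "current" / "package.json", Path(root) / "package.json"):
        if candidate.is_file():
            return json.loads(candidate.read_text())["version"]
    return None


def theme_fingerprint(theme_dir):
    """SHA-256 over sorted (relative path, file hash) pairs: any added, removed or
    edited file in the theme changes the result. Compare it with the fingerprint of
    the theme package you actually obtained from the publisher."""
    theme_dir = Path(theme_dir)
    h = hashlib.sha256()
    for path in sorted(p for p in theme_dir.rglob("*") if p.is_file()):
        rel = path.relative_to(theme_dir).as_posix()
        h.update(rel.encode() + b"\0" + hashlib.sha256(path.read_bytes()).digest())
    return h.hexdigest()


def audit(root):
    """Return the Ghost version, whether it is in the affected range, and a
    per-theme file count and fingerprint for every directory under content/themes."""
    version = read_ghost_version(root)
    themes_dir = Path(root) / "content" / "themes"
    themes = {}
    if themes_dir.is_dir():
        for d in sorted(p for p in themes_dir.iterdir() if p.is_dir()):
            files = [p for p in d.rglob("*") if p.is_file()]
            themes[d.name] = {"files": len(files), "fingerprint": theme_fingerprint(d)}
    return {"version": version,
            "affected": version is not None and is_affected(version),
            "themes": themes}


def build_sample_install(version="6.19.0"):
    """Constructed sample layout for offline demonstration (not a real Ghost install)."""
    root = Path(tempfile.mkdtemp(prefix="ghost-audit-"))
    (root / "current").mkdir()
    (root / "current" / "package.json").write_text(json.dumps({"name": "ghost", "version": version}))
    theme = root / "content" / "themes" / "casper"
    theme.mkdir(parents=True)
    (theme / "package.json").write_text('{"name": "casper", "version": "5.0.0"}')
    (theme / "default.hbs").write_text("<html>{{{body}}}</html>\n")
    return root


def demo():
    """Audit the sample install, then add one file to the theme to show that the
    fingerprint detects the change."""
    root = build_sample_install()
    before = audit(root)
    (root / "content" / "themes" / "casper" / "extra.hbs").write_text("{{! added }}\n")
    after = audit(root)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print(json.dumps(before, indent=2))
    print("fingerprint changed after tamper:",
          before["themes"]["casper"]["fingerprint"] != after["themes"]["casper"]["fingerprint"])
```

Run it against a real installation with `audit("/var/www/ghost")` (path assumed) and keep the resulting fingerprints: a later run whose fingerprint differs from the one recorded when the theme was installed from a trusted source tells you the theme on disk is no longer what you reviewed.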