CVE-2026-29053
Status: Received - Intake
Remote Code Execution via Malicious Themes in Ghost CMS

Publication date: 2026-03-05

Last updated on: 2026-03-09

Assigner: GitHub, Inc.

Description
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.
Meta Information
Published: 2026-03-05
Last Modified: 2026-03-09
Generated: 2026-06-16
AI Q&A: 2026-03-05
EPSS Evaluated: 2026-06-15
Source: NVD
Affected Vendors & Products
Vendor: ghost
Product: ghost
Version / Range: from 0.7.2 (inclusive) to 6.19.1 (exclusive)
CWE
CWE-74 ('Injection'): The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
AI Quick Actions
Executive Summary

CVE-2026-29053 is a high-severity remote code execution (RCE) vulnerability in the Ghost blogging platform, affecting versions from 0.7.2 up to and including 6.19.0.

The vulnerability occurs because specially crafted malicious themes can execute arbitrary code on the server running Ghost.

Exploitation requires the attacker to have high privileges and user interaction, and it involves complex conditions.

The issue was patched in version 6.19.1.

Impact Analysis

This vulnerability can have severe impacts including the execution of arbitrary code on the server hosting Ghost.

  • Confidentiality: Significant data confidentiality loss is possible.
  • Integrity: Significant data modification is possible.
  • Availability: Significant impact on availability is possible.

Because the attacker must have high privileges and user interaction is required, the risk is mitigated somewhat but still serious.

Detection Guidance

This vulnerability arises from the installation of specially crafted malicious themes in Ghost versions 0.7.2 to 6.19.0. Detection involves checking whether any untrusted or suspicious themes are installed on the Ghost server.

There are no specific commands provided in the available resources to detect this vulnerability directly on your network or system.

A practical approach is to review the installed themes in your Ghost installation directory and verify their source and integrity.

Mitigation Strategies

To mitigate this vulnerability, immediately upgrade Ghost to version 6.19.1 or later, where the issue has been patched.

  • Avoid installing untrusted or unknown themes.
  • If a malicious theme has already been installed, uninstall it promptly.
  • Analyze any installed themes to assess potential impact from exploitation.