CVE-2026-29784
Status: Received - Intake
CSRF Vulnerability in Ghost CMS Enables Session Takeover Risk

Publication date: 2026-03-07

Last updated on: 2026-03-09

Assigner: GitHub, Inc.

Description
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site. This issue has been patched in version 6.19.3.
Meta Information
Published: 2026-03-07
Last Modified: 2026-03-09
Generated: 2026-05-07
AI Q&A: 2026-03-07
EPSS Evaluated: 2026-05-05
Sources: NVD, EUVD
Affected Vendors & Products
Vendor: ghost
Product: ghost
Version / Range: From 5.101.6 (inc) to 6.19.3 (exc)
CWE
CWE-352: The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

To mitigate the CVE-2026-29784 vulnerability in the Ghost platform, you should update your Ghost installation to version 6.19.3 or later, where the issue has been fixed.

If you are self-hosting using Docker, use the official Ghost Docker images and follow the update instructions provided by Ghost.

If you use Ghost-CLI, follow the documented update procedures to upgrade your Ghost instance to the patched version.


Can you explain this vulnerability to me?

CVE-2026-29784 is a vulnerability in the Ghost content management system affecting versions from 5.101.6 to 6.19.2. It involves incomplete Cross-Site Request Forgery (CSRF) protections around the /session/verify endpoint. Specifically, the issue allowed One-Time Codes (OTCs) to be used in login sessions different from the requesting session, which means an attacker could exploit this flaw to bypass proper session verification.

This vulnerability could be leveraged by phishers to take over a Ghost site by exploiting weaknesses in session verification and authentication flows.

The issue was fixed in version 6.19.3 by improving session management, token binding to session context, and removing unnecessary token generation that could bypass two-factor authentication.


How can this vulnerability impact me?

This vulnerability can have serious impacts including unauthorized access and control over a Ghost site. Attackers exploiting this flaw could perform phishing attacks to hijack user sessions and gain administrative access.

  • Confidentiality Impact: High - attackers could access sensitive data without authorization.
  • Integrity Impact: High - attackers could modify data or site content maliciously.
  • Availability Impact: High - attackers could disrupt the service or availability of the site.

The vulnerability requires user interaction and has a high attack complexity, but no privileges are required to exploit it remotely over the network.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know

