{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-09T05:29:56.725","vulnerabilities":[{"cve":{"id":"CVE-2026-22595","sourceIdentifier":"security-advisories@github.com","published":"2026-01-10T03:15:50.553","lastModified":"2026-01-15T18:34:49.013","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0."},{"lang":"es","value":"Ghost es un sistema de gestión de contenido Node.js. En las versiones 5.121.0 a 5.130.5 y 6.0.0 a 6.10.3, una vulnerabilidad en el manejo de Ghost de la autenticación de token de personal permitió que ciertos puntos finales fueran accedidos que solo estaban destinados a ser accesibles a través de la autenticación de sesión de personal. Sistemas externos que han sido autenticados a través de tokens de personal para usuarios con rol de Administrador/Propietario habrían tenido acceso a estos puntos finales. Este problema ha sido parcheado en las versiones 5.130.6 y 6.11.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*","versionStartIncluding":"5.121.0","versionEndExcluding":"5.130.6","matchCriteriaId":"ECA8ED19-2E79-4689-ACDD-C5A3F60BC162"},{"vulnerable":true,"criteria":"cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.11.0","matchCriteriaId":"9EC484AC-A1F0-4C13-BFAB-9DA57116957D"}]}]}],"references":[{"url":"https://github.com/TryGhost/Ghost/commit/9513d2a35c21067127ce8192443d8919ddcefcc8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/TryGhost/Ghost/commit/c3017f81a5387b253a7b8c1ba1959d430ee536a3","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9xg7-mwmp-xmjx","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}}]}