{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T09:09:15.004","vulnerabilities":[{"cve":{"id":"CVE-2026-29053","sourceIdentifier":"security-advisories@github.com","published":"2026-03-05T06:16:50.410","lastModified":"2026-03-09T18:40:22.160","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1."},{"lang":"es","value":"Ghost es un sistema de gestión de contenido Node.js. Desde la versión 0.7.2 hasta la 6.19.0, temas maliciosos específicamente diseñados pueden ejecutar código arbitrario en el servidor que ejecuta Ghost. Este problema ha sido parcheado en la versión 6.19.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*","versionStartIncluding":"0.7.2","versionEndExcluding":"6.19.1","matchCriteriaId":"624FEA3A-AF23-44E2-B6BF-26785A03B807"}]}]}],"references":[{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}