Skip to content
The Nexus
SECURITYMay 25 · 12:02 UTCTHE HACKER NEWS[email protected] (The Hacker News)

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript into over 700 websites for ClickFix attacks. QiAnXin XLab reported the exploit, which leverages an unauthenticated API flaw with a CVSS score of 9.4 to exfiltrate data and deploy malware.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting