GHSA-w52v-v783-gw97: Ghost has a SQL injection in Content API
Summary
Ghost's Content API had a SQL injection vulnerability (a flaw where attackers can insert malicious database commands into user input) that let unauthenticated attackers read any data from the database. The vulnerability affected Ghost versions 3.24.0 through 6.19.0.
Solution / Mitigation
Update to Ghost v6.19.1, which contains the fix. As a temporary workaround, a reverse proxy or WAF (web application firewall, a security tool that filters incoming requests) rule can block Content API requests containing `slug%3A%5B` or `slug:[` in the query string filter parameter, though this may break legitimate slug filter functionality.
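The temporary workaround above, written as a request check (an added example, not code from Ghost or from the advisory). It decodes the `filter` parameter once before matching, so the encoded and literal forms named above are treated alike; the Content API path pattern and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: does a request match the advisory's temporary block rule?
// Assumption: Content API routes live under /ghost/api/content/ or a
// versioned variant such as /ghost/api/v3/content/.
const CONTENT_API = /^\/ghost\/api\/(?:[^/]+\/)?content\//i;
const BLOCKED = 'slug:['; // decoded form of "slug%3A%5B"

function matchesWorkaroundRule(rawUrl) {
  let url;
  try {
    // The base only makes relative request targets parseable; it is a placeholder.
    url = new URL(rawUrl, 'http://placeholder.invalid');
  } catch {
    return false; // unparseable targets are left to the proxy's own handling
  }
  if (!CONTENT_API.test(url.pathname)) return false;
  // searchParams percent-decodes each value once, so "slug%3A%5B",
  // "slug%3a%5b" and "slug:[" all normalise to the same string.
  return url.searchParams
    .getAll('filter')
    .some((value) => value.toLowerCase().includes(BLOCKED));
}

// Constructed sample requests (ordinary slug filters, placeholder key).
const samples = [
  '/ghost/api/content/posts/?key=PLACEHOLDER&filter=slug%3A%5Bwelcome%2Cabout%5D',
  '/ghost/api/content/posts/?key=PLACEHOLDER&filter=slug:[welcome,about]',
  '/ghost/api/v3/content/posts/?key=PLACEHOLDER&filter=slug%3a%5bwelcome%5d',
  '/ghost/api/content/posts/?key=PLACEHOLDER&filter=tag%3Anews',
  '/ghost/api/content/posts/slug/welcome/?key=PLACEHOLDER',
  '/blog/?filter=slug:[welcome]',
];

for (const target of samples) {
  console.log(matchesWorkaroundRule(target) ? 'BLOCK' : 'allow', target);
}
```

The first three samples are legitimate slug-list filters that the rule still blocks, which is the functional cost the workaround accepts until the upgrade to v6.19.1 is in place.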
Vulnerability Details
EPSS: 0.1%
Original source: https://github.com/advisories/GHSA-w52v-v783-gw97
First tracked: February 18, 2026 at 07:00 PM