CVE-2026-22594
🔴 HIGHGhost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue ha...
Description
Request Expert ReviewGhost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.
Affected Products (1)
CVSS Scores
References
Additional Information
- Source
- security-advisories@github.com
- State
- Analyzed
Related CVEs
CVE-2025-67847
HIGHA flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to ins...
CVE-2025-3839
HIGHA flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be...
CVE-2025-15522
MEDIUMThe Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scrip...
CVE-2026-0796
HIGHALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitra...
CVE-2026-0795
HIGHALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitra...
CVE-2026-0794
HIGHALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary cod...
Share CVE-2026-22594
Share on Social Media
Copy Link
Embed Code
Request Expert Analysis
Request a professional security analysis for CVE-2026-22594 from our verified experts.
Credits System
Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!