
Ghost CMS Vulnerability Exploited in Massive ClickFix Malware Campaign

Threat actors are actively exploiting a recently disclosed critical vulnerability in Ghost CMS to inject malicious JavaScript into websites and launch sophisticated ClickFix malware attacks.

According to researchers at QiAnXin XLab, attackers are abusing CVE-2026-26980, a critical SQL injection flaw with a CVSS score of 9.4. The vulnerability affects Ghost’s Content API and allows unauthenticated attackers to access sensitive database information. The issue was patched in February 2026 with the release of Ghost version 6.19.1.

The flaw was originally discovered by Anthropic using its AI assistant, Claude.

Why the Vulnerability Is Dangerous

Security researchers warn that the vulnerability enables attackers to steal a website’s Admin API key without authorization. With this key, threat actors can directly interact with the Ghost Admin API and modify published content across the website.

Attackers used the stolen API credentials to inject malicious JavaScript loaders into website articles, typically at the bottom of pages. These scripts were designed to support fake CAPTCHA-based ClickFix attacks.

XLab described the incident as a “large-scale poisoning campaign” targeting vulnerable Ghost CMS installations.

More Than 700 Websites Compromised

The campaign, first detected on May 7, 2026, has already impacted more than 700 websites across multiple sectors, including:

  • Universities
  • Blockchain platforms
  • Artificial intelligence companies
  • SaaS providers
  • Cybersecurity organizations
  • Media outlets
  • Financial technology firms

Because the malicious code is delivered through legitimate and trusted websites, researchers believe the success rate of the attacks is significantly increased.

How the Attack Works

The injected JavaScript acts as a two-stage malware loader. It first contacts an external domain to fetch the main payload at runtime. This setup lets attackers swap payloads without changing the loader itself, making the campaign more flexible and harder to detect.

Researchers discovered that the malicious infrastructure uses a cloaking service powered by Adspect. The cloaking mechanism helps attackers serve harmless content to security scanners while delivering malicious payloads only to real users.

The malicious script gathers browser fingerprinting information and can execute multiple commands, including:

  • Redirecting users
  • Triggering pop-ups
  • Downloading files
  • Running arbitrary JavaScript code

Fake CAPTCHA Leads to Malware Infection

Victims identified as valid targets are shown a fake CAPTCHA verification page embedded inside an iframe. Users are instructed to copy and paste a Base64-encoded command into the Windows Run dialog — a common ClickFix social engineering tactic.

Once executed, the command downloads a ZIP archive containing malicious scripts. The infection chain eventually launches malware using PowerShell and rundll32.exe.

Researchers observed several payload variations during the campaign, including:

  • Malicious DLL files
  • JavaScript payloads
  • A trojanized PuTTY client signed with a valid certificate
  • An Electron-based application installer

Modified Grape Client Used for Persistence

The final payload appears to be a modified version of the open-source Grape desktop client. The malware establishes persistence on infected systems and communicates with a remote command-and-control server every 30 seconds.

Attackers can remotely issue commands, execute JavaScript, and run executable files on compromised machines.

Recommended Actions for Ghost CMS Users

Website administrators using Ghost CMS are strongly advised to:

  • Upgrade immediately to the latest Ghost version
  • Rotate all API keys and credentials
  • Remove malicious code from affected pages
  • Review access logs for suspicious activity
  • Notify users who may have visited compromised websites

Security experts stress that websites running outdated Ghost CMS versions remain highly vulnerable to exploitation and malware injection attacks.
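To support the "remove malicious code from affected pages" step above, the following added example (not code from the article or from the Ghost project) scans exported post HTML for script tags that are inline or load from a host outside an allowlist, which is how an injected loader at the bottom of an article would surface. The export layout (`db[0].data.posts[].html`) and the sample posts are assumptions constructed for this example.

```python
import json
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample in the shape assumed here for a Ghost JSON export
# (db[0].data.posts); replace with a real export before use.
SAMPLE_EXPORT = json.dumps({"db": [{"data": {"posts": [
    {"id": "p1", "slug": "hello", "html": "<p>Welcome</p><p>More text</p>"},
    {"id": "p2", "slug": "news",
     "html": "<p>Update</p><script src='https://cdn.example-trusted.test/widget.js'></script>"},
    {"id": "p3", "slug": "guide",
     "html": "<p>Guide body</p>\n<script src='https://loader.placeholder.test/l.js'></script>"},
    {"id": "p4", "slug": "inline", "html": "<p>x</p><script>document.write('...')</script>"},
    {"id": "p5", "slug": "empty", "html": None},
]}}]})


class ScriptCollector(HTMLParser):
    """Record every <script> start tag in a post body: its src URL, or None if inline."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self.scripts.append(dict(attrs).get("src"))


def find_injected_scripts(export_json: str, allowed_hosts: set) -> list:
    """Return one finding per script tag that is inline or loads from a host
    not in allowed_hosts. Posts with no HTML (None) are skipped safely."""
    posts = json.loads(export_json)["db"][0]["data"]["posts"]
    findings = []
    for post in posts:
        parser = ScriptCollector()
        parser.feed(post.get("html") or "")
        for src in parser.scripts:
            host = urlparse(src).hostname if src else None
            if src is None or host not in allowed_hosts:
                findings.append({"id": post["id"], "slug": post["slug"], "src": src})
    return findings


if __name__ == "__main__":
    for hit in find_injected_scripts(SAMPLE_EXPORT, {"cdn.example-trusted.test"}):
        print(f"post {hit['id']} ({hit['slug']}): suspicious script src={hit['src']}")
```

Run it against an export taken after rotating the Admin API key, and review every hit by hand, since legitimate embeds on an allowed host pass while a first-party inline script is still reported for inspection.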

One thought on “Ghost CMS Vulnerability Exploited in Massive ClickFix Malware Campaign”

  1. What stood out to me here is how attackers chained a SQL injection flaw into full content manipulation by stealing the Ghost Admin API key. The scale of the campaign across universities, SaaS, and cybersecurity sites also shows how dangerous delayed patching can be, especially when malicious JavaScript is injected directly into trusted website content. It’s also interesting that the original flaw was identified with the help of AI, which highlights both the benefits and the growing urgency of proactive vulnerability detection.
