{"uuid": "05c9f7ce-38cd-426f-8820-08f10bd92a80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mmqyz642ca2y", "content": "Threat actors are exploiting CVE-2026-26980, a critical SQL injection vulnerability in Ghost CMS, to hijack over 700 sites for ClickFix attacks. Discovered by Anthropic, the flaw allows unauthorized access to admin API keys, enabling bulk article tampering with malicious JavaScript.", "creation_timestamp": "2026-05-26T12:36:26.018452Z"}