A critical, unauthenticated SQL injection vulnerability in Ghost CMS, tracked as CVE-2026-26980, CVSS 9.4, is being actively exploited across a large-scale ClickFix campaign that has compromised more than 700 websites. The flaw affects Ghost versions 3.24.0 through 6.19.0; Ghost 6.19.1, released on 19 February 2026, contains the fix. As BleepingComputer reports, at least two distinct threat actor groups are competing to seize control of unpatched instances.
The victim list removes any notion that this is a niche problem for personal bloggers. Harvard University, Oxford University, Auburn University, and DuckDuckGo are all among confirmed compromised sites. When high-trust, heavily trafficked domains serve poisoned pages, every visitor becomes a potential endpoint infection, and the reputational damage to the compromised organisation can far outlast the technical clean-up.
For security teams in banking, government, and critical infrastructure across the MEA region, the risk is indirect but real. Staff visiting what they consider reputable academic or technology sites may be served the ClickFix social-engineering chain. One successful execution drops a persistent implant on a corporate endpoint. That single machine then beacons to attacker infrastructure every 30 seconds.
The patching gap is the most uncomfortable detail here. The fix shipped in February 2026. SecurityWeek confirmed that SentinelOne observed exploitation as early as 27 February, virtually the same day the patch was announced publicly. Mass exploitation was still running three months later. Hundreds of organisations had the answer and did not apply it.
The root cause, as documented by XLab/Qianxin, is an unparameterized ORDER BY clause in Ghost's Content API. Because the clause is not sanitised, an unauthenticated attacker can inject SQL that reads the full database, including the Admin API key stored within it.
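To make the root cause concrete, here is an added illustration (not Ghost's own code) of an ORDER BY clause built by splicing a caller-supplied `order` value into SQL, next to a version that only accepts allowlisted columns and directions; the parameter format, column names and query text are assumptions for the example.

```javascript
// Added illustration (not Ghost's code): two ways to turn a Content API style
// `order` parameter such as "published_at desc" into an ORDER BY clause.

// Vulnerable pattern: the caller-controlled string is spliced straight into
// the query, so any SQL expression the caller writes becomes part of it.
function buildOrderByUnsafe(order) {
  return `SELECT id, title FROM posts ORDER BY ${order}`;
}

// Hardened pattern: an ORDER BY target cannot be bound as a parameter, so the
// only safe approach is to validate each clause against a fixed allowlist and
// emit the allowlisted spelling, never the caller's text.
const SORTABLE_COLUMNS = new Set(['published_at', 'updated_at', 'title', 'slug']);
const DIRECTIONS = new Set(['ASC', 'DESC']);

function buildOrderBySafe(order) {
  const clauses = order.split(',').map((part) => {
    const [column, dir = 'ASC', ...rest] = part.trim().split(/\s+/);
    const direction = dir.toUpperCase();
    if (rest.length || !SORTABLE_COLUMNS.has(column) || !DIRECTIONS.has(direction)) {
      throw new Error(`rejected order clause: ${JSON.stringify(part)}`);
    }
    return `${column} ${direction}`;
  });
  return `SELECT id, title FROM posts ORDER BY ${clauses.join(', ')}`;
}

// Convenience wrapper: true when the hardened builder refuses the input.
function isRejected(order) {
  try {
    buildOrderBySafe(order);
    return false;
  } catch {
    return true;
  }
}
```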
Once the Admin API key is extracted, the attacker calls the Ghost Admin API endpoint PUT /ghost/api/admin/posts/:id/ to write malicious JavaScript directly into article footers across the site. The injected loader is built to evade casual detection: it stores an execution flag in localStorage so the malicious code fires only once per browser session, and it encodes C2 URLs in base64. Each victim site is fingerprinted using base64(origin), allowing the operators to track which compromised domains are generating traffic.
The two-stage loading chain ends at a fake Cloudflare CAPTCHA page. The page instructs the visitor to press Win+R, then Ctrl+V, pasting a base64-encoded PowerShell command that the page has already placed in their clipboard. That PowerShell retrieves the stage-2 payload: either UtilifySetup.exe, hosted on an AWS S3 bucket named amazonbusketss-535659318049-us-west-1, or a DLL fetched from link.storjshare[.]io. Traffic is routed through cloaking domains clo4shara[.]xyz → com-apps[.]cc before reaching the final stage.
UtilifySetup.exe is an Inno Setup installer. It extracts to %appdata%\local\SuperMaxionQuickMaxlite, a modified Electron application that beacons to web-telegram[.]ug every 30 seconds. The DLL payload was compiled on 16 February 2026, the same day the patch was announced. The attacker weaponised the disclosed flaw almost immediately.
Any Ghost installation running version 3.24.0 through 6.19.0 that has not been updated to 6.19.1 remains vulnerable. That is a version range spanning several years of releases, which means the exposed attack surface across the global Ghost install base is substantial.
XLab/Qianxin's breakdown of compromised sites shows 48.1% are personal blogs, 14.8% belong to software development organisations, and 4.6% are in the AI/ML sector. Software and AI companies typically run Ghost for developer documentation or public-facing technical blogs — properties that attract the precise audience threat actors want to target for credential theft and corporate endpoint compromise.
Exploitation began, at small scale, almost immediately after the patch shipped in February. The large-scale campaign XLab/Qianxin detected from 7 May 2026 onward demonstrates that opportunistic attackers scanned for and queued unpatched targets over that three-month window. Organisations still running unpatched Ghost should treat themselves as already targeted, not merely at risk.
Update Ghost to version 6.19.1 immediately. The official GitHub security advisory confirms this release contains fix commit 30868d632b2252b638bc8a4c8ebf73964592ed91. If you cannot patch right now, take the instance offline rather than leave it exposed. There is no known workaround that neutralises the Content API injection vector without the patch.
Audit all article content for injected JavaScript. Check every post footer in your Ghost admin panel for script tags or base64-encoded strings that your team did not place there. Pay particular attention to content modified after 19 February 2026. Automated diffing against a clean backup is faster than manual review at scale.
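As an added example (not from the article or from Ghost), a Node.js audit helper that applies the checks above to posts taken from a Ghost JSON export and compares each footer against a clean backup; the field names (`id`, `slug`, `updated_at`, `codeinjection_foot`) are assumed to match the export layout, and the sample posts are constructed.

```javascript
// Added audit helper (not part of Ghost or the original article). Field names
// are assumed to follow a Ghost JSON export; the sample posts are constructed.
const PATCH_DATE = new Date('2026-02-19T00:00:00Z');
const SCRIPT_TAG = /<script\b/i;
// Heuristic: a long unbroken run of base64 alphabet characters, the form in
// which the loader described above hides its C2 URLs. Long hashes or URLs in
// a legitimate footer will also match, so treat hits as leads, not verdicts.
const BASE64_RUN = /[A-Za-z0-9+/]{40,}={0,2}/;

function auditPosts(posts, cleanBackup = []) {
  const clean = new Map(cleanBackup.map((p) => [p.id, p.codeinjection_foot || '']));
  const findings = [];
  for (const post of posts) {
    const footer = post.codeinjection_foot || '';
    const reasons = [];
    if (SCRIPT_TAG.test(footer)) reasons.push('script tag in footer');
    if (BASE64_RUN.test(footer)) reasons.push('base64-like blob in footer');
    if (clean.has(post.id) && clean.get(post.id) !== footer) {
      reasons.push('footer differs from clean backup');
    }
    if (reasons.length) {
      findings.push({
        id: post.id,
        slug: post.slug,
        reasons,
        // Posts touched after the fix shipped deserve the first look.
        modifiedAfterPatch: new Date(post.updated_at) >= PATCH_DATE,
      });
    }
  }
  return findings;
}

// Constructed sample data: the backup is clean; the current export has one
// post whose footer gained a loader-style script after the patch date.
const CLEAN_BACKUP = [
  { id: 'p1', slug: 'hello', updated_at: '2026-01-10T09:00:00Z', codeinjection_foot: '' },
  { id: 'p2', slug: 'release-notes', updated_at: '2026-01-12T09:00:00Z', codeinjection_foot: '<!-- analytics -->' },
];
const fakeLoaderUrl = Buffer.from('https://example.invalid/loader.js?v=1234567890').toString('base64');
const CURRENT_POSTS = [
  { id: 'p1', slug: 'hello', updated_at: '2026-01-10T09:00:00Z', codeinjection_foot: '' },
  { id: 'p2', slug: 'release-notes', updated_at: '2026-05-08T03:14:00Z',
    codeinjection_foot: `<!-- analytics --><script>var u=atob("${fakeLoaderUrl}");</script>` },
];
```

Running `auditPosts(CURRENT_POSTS, CLEAN_BACKUP)` reports only `p2`, with all three reasons and `modifiedAfterPatch: true`.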
Rotate your Admin API key. If your Ghost instance was running the vulnerable version at any point since February, assume the key was extracted. Regenerate it through the Ghost admin interface and audit any integrations or webhooks that relied on the old key.
Hunt for the payload on endpoints that visited compromised sites. Search for SuperMaxionQuickMaxlite under %appdata%\local\, and look for outbound connections to web-telegram[.]ug, clo4shara[.]xyz, and com-apps[.]cc. These are concrete indicators of compromise your SOC can action immediately across endpoint and network telemetry.
Block the known malicious infrastructure at your perimeter. Add web-telegram[.]ug, clo4shara[.]xyz, com-apps[.]cc, and link.storjshare[.]io to your DNS and proxy blocklists. Flag outbound traffic to the S3 bucket amazonbusketss-535659318049-us-west-1 for immediate investigation rather than silent blocking, since that traffic indicates an active infection.
No. The SQL injection in Ghost's Content API requires no authentication whatsoever. Any attacker who can send an HTTP request to a vulnerable Ghost instance can extract the full database, including the Admin API key. That is what drives the CVSS score to 9.4.
Attackers are not after your content. They want your audience. Injecting ClickFix scripts into a trusted, indexed domain gives them a delivery mechanism for endpoint malware that bypasses the reputation filters visitors have mentally applied to well-known sites. Your readership is the target.
Patching to 6.19.1 closes the SQL injection vector. However, if your instance was reachable between the vulnerability's existence and your patch date, you should still audit post content for injected scripts and check whether your Admin API key was accessed or extracted during that window.
XLab/Qianxin first detected mass exploitation on 7 May 2026, with public disclosure following on 24 May 2026. With two competing threat actor groups operating and hundreds of unpatched sites still exposed at the time of disclosure, there is no indication the campaign has ceased.
Sources: BleepingComputer, XLab/Qianxin, SecurityWeek, GitHub Security Advisory GHSA-w52v-v783-gw97