{"api_version":"1","generated_at":"2026-06-25T17:31:10+00:00","cve":"CVE-2026-53945","urls":{"html":"https://cve.report/CVE-2026-53945","api":"https://cve.report/api/cve/CVE-2026-53945.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-53945","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-53945"},"summary":{"title":"Ghost: Server-side request forgery via DNS rebinding in external request handling","description":"Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. This vulnerability is fixed in 6.21.1.","state":"PUBLISHED","assigner":"GitHub_M","published_at":"2026-06-24 19:17:12","updated_at":"2026-06-25 16:16:39"},"problem_types":["CWE-367","CWE-918","CWE-367 CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","CWE-918 CWE-918: Server-Side Request Forgery (SSRF)"],"metrics":[{"version":"3.1","source":"security-advisories@github.com","type":"Secondary","score":"4","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"4","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-ch52-px8q-f22j","name":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-ch52-px8q-f22j","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-53945","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53945","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"TryGhost","product":"Ghost","version":"affected >= 6.0.9, < 6.21.1","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-53945","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-25T15:38:04.884131Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-25T15:38:22.262Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"Ghost","vendor":"TryGhost","versions":[{"status":"affected","version":">= 6.0.9, < 6.21.1"}]}],"descriptions":[{"lang":"en","value":"Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. This vulnerability is fixed in 6.21.1."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-367","description":"CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-918","description":"CWE-918: Server-Side Request Forgery (SSRF)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-24T18:09:34.909Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"name":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-ch52-px8q-f22j","tags":["x_refsource_CONFIRM"],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-ch52-px8q-f22j"}],"source":{"advisory":"GHSA-ch52-px8q-f22j","discovery":"UNKNOWN"},"title":"Ghost: Server-side request forgery via DNS rebinding in external request handling"}},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2026-53945","datePublished":"2026-06-24T18:09:34.909Z","dateReserved":"2026-06-11T15:50:01.281Z","dateUpdated":"2026-06-25T15:38:22.262Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-24 19:17:12","lastModifiedDate":"2026-06-25 16:16:39","problem_types":["CWE-367","CWE-918","CWE-367 CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","CWE-918 CWE-918: Server-Side Request Forgery (SSRF)"],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:38:04.884131Z","id":"CVE-2026-53945","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"53945","Ordinal":"1","Title":"Ghost: Server-side request forgery via DNS rebinding in external","CVE":"CVE-2026-53945","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"53945","Ordinal":"1","NoteData":"Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. This vulnerability is fixed in 6.21.1.","Type":"Description","Title":"Ghost: Server-side request forgery via DNS rebinding in external"}]}}}