Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. […]

Bill Toulas

Go to bleepingcomputer

Posted

May 25, 2026

in

bleepingcomputer, Security

by

leeanne

Tags:

bleepingcomputer