A critical Ghost CMS vulnerability identified as CVE-2026-26980 has been exploited in a widespread cyber campaign that compromised more than 700 websites, including platforms associated with major institutions such as Harvard University, University of Oxford, and DuckDuckGo. Security researchers say the attacks leveraged weaknesses in the Ghost content management system to inject malicious JavaScript code aimed at facilitating ClickFix malware attacks.
The attacks were detailed by Chinese cybersecurity company QiAnXin and its XLab research team, which warned that threat actors are actively exploiting unpatched Ghost installations in an ongoing “large-scale poisoning” campaign.
The exploited flaw, tracked as CVE-2026-26980, was disclosed and patched in February 2026 in version 6.19.1 of the Ghost content management system. Ghost is a widely used open-source CMS focused on blogging, digital publishing, newsletters, and memberships. According to its developers, the platform powers more than 100,000 websites globally.
The Ghost CMS vulnerability is an SQL injection flaw affecting Ghost’s Content API. Researchers at SentinelOne previously warned that the vulnerability could allow unauthenticated attackers to extract sensitive data directly from a site’s database. This included authentication tokens, website content, and user credentials.
The flaw received a CVSS severity score of 9.4, highlighting the serious risks posed by CVE-2026-26980. The vulnerability was reportedly discovered by Anthropic using its Claude AI system.
What made the Ghost CMS vulnerability especially dangerous was its ability to expose a site’s Admin API Key. Once attackers obtained this key, they could abuse Ghost’s Admin API to directly modify published articles and inject malicious code into legitimate websites without authorization.
According to QiAnXin XLab, attackers began exploiting CVE-2026-26980 shortly after the security patch became publicly available. Investigators noted that a DLL file involved in the campaign carried a compilation timestamp dated February 16, 2026 — the same day the patch for the Ghost CMS vulnerability was announced.
The malicious activity was first detected on May 7, 2026, and by early May, researchers had already identified hundreds of compromised websites running the Ghost content management system.
More than 700 websites across various industries were eventually found to be affected. The victims included organizations operating in sectors such as artificial intelligence, software development, blockchain, cybersecurity, fintech, media, SaaS, and higher education.
Researchers found that nearly half of the compromised websites were personal blogs or independently operated sites. However, many others belonged to major institutions and technology-focused organizations.
QiAnXin stated that many victims were notified about the compromises, but the majority reportedly failed to respond to the alerts.
“At least two groups are currently actively conducting such poisoning operations, and some sites have even become the target of competition between the two parties, with different malicious code being implanted one after another within a single day,” the researchers said.
The attackers used the Ghost CMS vulnerability to tamper with website articles by appending malicious JavaScript loaders to the bottom of pages. These loaders were designed to support ClickFix attacks — a growing social engineering tactic that tricks users into manually executing malware on their systems.
The injected code acted as a two-stage loader that retrieved additional payloads at runtime from an external domain identified as “clo4shara[.]xyz/11z77u3.php.” Researchers said the infrastructure gave attackers flexibility to swap payloads while maintaining the same loader framework across multiple compromised Ghost CMS sites.
QiAnXin explained that the PHP script functioned as a traffic distribution and cloaking system powered by Adspect, a commercial cloaking service. The script gathered browser fingerprinting data from visitors and selectively redirected targets based on predefined rules.
“Directly accessing clo4shara[.]xyz/11z77u3.php reveals a piece of code, which is actually a typical traffic distribution script,” XLab researchers explained. “Its core function is to collect various fingerprint information from the user’s browser and upload it to the server, then perform actions such as redirection, popups, and downloads based on the returned instructions.”
The cloaking mechanism helped attackers avoid detection by ensuring that only intended victims received malicious payloads, while automated scanners and crawlers were shown harmless web content instead.
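As an added defensive example (not code from the article, from QiAnXin XLab or from the Ghost project), the script below scans the HTML body of a Ghost post for the kind of appended loader described above: script tags that reference hosts outside a per-site allowlist, or that sit as the very last element of the post. The allowlisted host, the sample post and the loader domain are constructed placeholders, not indicators from the report.

```python
import re
from urllib.parse import urlparse

# Hosts this site legitimately loads scripts from (assumed for this example).
ALLOWED_SCRIPT_HOSTS = {"cdn.example-blog.test"}

SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)


def _hosts_in(text: str) -> set[str]:
    """Every hostname referenced by an absolute http(s) URL in the text."""
    return {h for h in (urlparse(u).hostname for u in URL_RE.findall(text)) if h}


def find_suspicious_scripts(html: str) -> list[dict]:
    """Flag script tags that fetch from non-allowlisted hosts or close the post body.

    Both a src= attribute and a URL embedded in inline code are checked, so a
    two-stage loader that fetches its next stage at runtime is caught as well.
    """
    findings = []
    trimmed = html.rstrip()
    for m in SCRIPT_RE.finditer(html):
        tag = m.group(0)
        external = sorted(_hosts_in(tag) - ALLOWED_SCRIPT_HOSTS)
        reasons = []
        if external:
            reasons.append("loads from non-allowlisted host(s): " + ", ".join(external))
        if trimmed.endswith(tag):
            reasons.append("script is the last element of the post body")
        if reasons:
            findings.append({"offset": m.start(), "snippet": tag[:80], "reasons": reasons})
    return findings


# Constructed sample: a legitimate script in the middle, an injected one appended at the end.
SAMPLE_POST = """<p>Welcome to the blog.</p>
<script src="https://cdn.example-blog.test/app.js"></script>
<p>Thanks for reading.</p>
<script>var next = 'https://loader.invalid/stage2.php';</script>"""

if __name__ == "__main__":
    for f in find_suspicious_scripts(SAMPLE_POST):
        print(f"offset {f['offset']}: {'; '.join(f['reasons'])}")
```

Run it over the `html` field of every post exported from Ghost (or over each rendered page) after patching to 6.19.1 and rotating the Admin API key, since cleaning the injected content alone leaves a stolen key usable.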