SITREP: Threat actors are actively exploiting a critical vulnerability (CVE-2026-26980) in Ghost CMS, leading to the hijacking of over 700 websites for ClickFix attacks. This vulnerability, rated with a CVSS score of 9.4, allows unauthenticated attackers to execute SQL injection attacks and read arbitrary data.

TACTICAL ASSESSMENT: The exploitation of this vulnerability indicates a significant risk to web applications using Ghost CMS, potentially compromising sensitive data and user trust. This incident highlights the ongoing threat posed by cybercriminals leveraging high-severity vulnerabilities for malicious purposes.

PROJECTED VECTORS: It is likely that the number of compromised sites will increase as more threat actors become aware of this vulnerability and exploit it.