CVE-2026-53945— Ghost: Server-side request forgery via DNS rebinding in external request handling
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-53945
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ghost: Server-side request forgery via DNS rebinding in external request handling
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. This vulnerability is fixed in 6.21.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-53945
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-53945
请登录查看更多情报信息。
Other References for CVE-2026-53945 (1)
Same Patch Batch · TryGhost · 2026-06-24 · 8 CVEs total
| CVE-2026-53943 | 9.6 CRITICAL | Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header |
| CVE-2026-53950 | 7.5 HIGH | @tryghost/activitypub: XSS in Ghost's ActivityPub client |
| CVE-2026-53944 | 5.8 MEDIUM | Ghost: Private IP filtering bypass to make server-side requests to internal services |
| CVE-2026-53948 | 5.4 MEDIUM | Ghost: File Upload Content-Type Spoofing |
| CVE-2026-53946 | 5.4 MEDIUM | Ghost: Mobiledoc image-size fetch SSRF |
| CVE-2026-53947 | 5.3 MEDIUM | Ghost: Member existence leak via magic link sign-in response |
| CVE-2026-53949 | 5.3 MEDIUM | Ghost Content API filter bypass reveals private fields |
IV. Related Vulnerabilities
Same product: Ghost
- CVE-2026-53943
Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-pre - CVE-2026-53944
Ghost: Private IP filtering bypass to make server-side reque - CVE-2026-53946
Ghost: Mobiledoc image-size fetch SSRF - CVE-2026-53947
Ghost: Member existence leak via magic link sign-in response - CVE-2026-53948
Ghost: File Upload Content-Type Spoofing
Same vendor: TryGhost
- CVE-2026-53943
Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-pre - CVE-2026-53944
Ghost: Private IP filtering bypass to make server-side reque - CVE-2026-53946
Ghost: Mobiledoc image-size fetch SSRF - CVE-2026-53947
Ghost: Member existence leak via magic link sign-in response - CVE-2026-53948
Ghost: File Upload Content-Type Spoofing
Same weakness: CWE-367
- CVE-2026-54327
Pi: Race condition in auth.json writes could expose stored c - CVE-2026-48931
Node.js 22/24/26 HTTP Agent漏洞 - CVE-2026-41045
Weak polkit authentication check in qSnapper - CVE-2026-48983
pam_usb: TOCTOU race condition in pad directory creation all - CVE-2026-6733
undici vulnerable to HTTP response queue poisoning via keep-
V. Comments for CVE-2026-53945
No comments yet