{"id":3325,"date":"2026-05-25T13:07:53","date_gmt":"2026-05-25T13:07:53","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/"},"modified":"2026-05-25T13:07:53","modified_gmt":"2026-05-25T13:07:53","slug":"ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/","title":{"rendered":"Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks"},"content":{"rendered":"<div>Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks.<\/p>\n<p>According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost&#8217;s Content API that could allow an unauthenticated attacker to read arbitrary data from the<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost&#8217;s Content API that could allow an unauthenticated attacker to read [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[90],"tags":[91],"class_list":["post-3325","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost&#8217;s Content API that could allow an unauthenticated attacker to read [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-25T13:07:53+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks\",\"datePublished\":\"2026-05-25T13:07:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/\"},\"wordCount\":71,\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/\",\"name\":\"Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"datePublished\":\"2026-05-25T13:07:53+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/","og_locale":"en_US","og_type":"article","og_title":"Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks - Imperative Business Ventures Limited","og_description":"Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost&#8217;s Content API that could allow an unauthenticated attacker to read [&hellip;]","og_url":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2026-05-25T13:07:53+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks","datePublished":"2026-05-25T13:07:53+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/"},"wordCount":71,"keywords":["Cybersecurity"],"articleSection":["Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/","url":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/","name":"Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks - Imperative Business Ventures Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"datePublished":"2026-05-25T13:07:53+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/3325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=3325"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/3325\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=3325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=3325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=3325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}