CVE-2026-22594

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2026-22594

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-22594.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2026-22594

Aliases

Published

2026-01-10T02:56:47.226Z

Modified

2026-01-13T09:26:20.736868Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

Ghost has Staff 2FA bypass

Details

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.

Database specific

{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22594.json",
    "cwe_ids": [
        "CWE-287"
    ]
}

References

Affected packages

Git / github.com/tryghost/ghost

Affected ranges

Type

GIT

Repo

https://github.com/tryghost/ghost

Events

Introduced

5b8c97dcb46ae3d552a2f05531723f14c8f806a7

Fixed

67e137d8b0dd70cd5f486bfeea5d1643cee06104

Database specific

{
    "versions": [
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.11.0"
        }
    ]
}

Type

GIT

Repo

https://github.com/tryghost/ghost

Events

Introduced

bb9bd0e233069ab71a665ac90c9af16987236cd8

Fixed

a07c753c8a08c38d264b429b2a19873b152c097a

Database specific

{
    "versions": [
        {
            "introduced": "5.105.0"
        },
        {
            "fixed": "5.130.6"
        }
    ]
}

Affected versions

v5.*

v5.105.0

v5.106.0

v5.106.1

v5.107.0

v5.107.1

v5.107.2

v5.108.0

v5.108.1

v5.108.2

v5.109.0

v5.109.1

v5.109.2

v5.109.3

v5.109.4

v5.109.5

v5.109.6

v5.110.0

v5.110.1

v5.110.2

v5.110.3

v5.110.4

v5.111.0

v5.112.0

v5.113.0

v5.113.1

v5.114.0

v5.114.1

v5.115.0

v5.115.1

v5.116.0

v5.116.1

v5.116.2

v5.117.0

v5.118.0

v5.118.1

v5.119.0

v5.119.1

v5.119.2

v5.119.3

v5.120.0

v5.120.1

v5.120.2

v5.120.3

v5.120.4

v5.121.0

v5.122.0

v5.123.0

v5.124.0

v5.125.0

v5.125.1

v5.126.0

v5.127.0

v5.127.1

v5.127.2

v5.128.0

v5.128.1

v5.129.0

v5.129.1

v5.129.2

v5.130.0

v5.130.1

v5.130.2

v5.130.3

v5.130.4

v5.130.5

v6.*

v6.0.0

v6.0.1

v6.0.10

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.7

v6.0.8

v6.0.9

v6.1.0

v6.10.0

v6.10.1

v6.10.2

v6.10.3

v6.2.0

v6.3.0

v6.3.1

v6.4.0

v6.5.0

v6.5.1

v6.5.2

v6.5.3

v6.6.0

v6.7.0

v6.8.0

v6.8.1

v6.9.0

v6.9.1

v6.9.2

v6.9.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-22594.json"