What is CVE-2026-53943?

CVE-2026-53943 is a critical-severity vulnerability in Tryghost Ghost, classified under Use of Cache Containing Sensitive Information. CVSS score: 9.6/10. Published 2026-06-24.

How severe is CVE-2026-53943?

Critical severity. CVSS v3 base score is 9.6 out of 10.

Vulnerability in Tryghost Ghost

CVE-2026-53943

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview hea…

CVSS v3 metric

CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Tryghost Ghost — versions >= 4.0.0, < 6.37.0

Weakness classification (CWE)

CWE-524 — Use of Cache Containing Sensitive Information

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-53943?: CVE-2026-53943 is a critical-severity vulnerability in Tryghost Ghost, classified under Use of Cache Containing Sensitive Information. CVSS score: 9.6/10. Published 2026-06-24.
How severe is CVE-2026-53943?: Critical severity. CVSS v3 base score is 9.6 out of 10.