SSRF in Tryghost Ghost
CVE-2026-53944
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to…
CVSS v3 metric
CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N.
Affected products
- Tryghost Ghost — versions >= 6.0.9, < 6.21.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-53944?
  CVE-2026-53944 is a medium-severity vulnerability in Tryghost Ghost, classified under Incomplete List of Disallowed Inputs. CVSS score: 5.8/10. Published 2026-06-24.
- How severe is CVE-2026-53944?
  Medium severity. CVSS v3 base score is 5.8 out of 10.