thehackernews.com 5/25/2026, 12:21:51 PM · external

CVE-2026-26980 flaw hijacks 700+ Ghost sites for click fraud

CyberSIXT Evidence Panel Source marked as original reporting

CVE Intel

CVE-2026-26980 - NVD Not in KEV 9.4 CRITICAL

CISA KEV Not in KEV

Patch Patch Available

A significant vulnerability (CVE-2026-26980) in the Ghost CMS was exploited, leading to the hijacking of over 700 websites for click-fraud attacks. Security experts emphasize the urgency of addressing this issue and implementing necessary patches to prevent further exploits. The incident highlights the risks associated with web security flaws and the necessity for proactive measures in cybersecurity.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline

#5 May 31, 2026, 02:53 PM

securityaffairs.com
Ghost CMS mass hack via CVE-2026-26980 fuels ClickFix attack wave
#4 May 26, 2026, 10:46 AM

malwarebytes.com
Hackers Hijack 700+ Sites via Ghost CMS SQLi Flaw CVE-2026-26980
#3 May 25, 2026, 06:07 PM

securityaffairs.com
Ghost CMS SQL flaw lets attackers hijack 700+ sites, steal keys
#2 May 25, 2026, 01:27 PM

securityweek.com
Ghost CMS CVE-2026-26980 SQLi Triggers Attack on 700 Sites
#1 May 25, 2026, 12:02 PM Current article

thehackernews.com
CVE-2026-26980 flaw hijacks 700+ Ghost sites for click fraud