CVE-2026-22595: Ghost has Staff Token permission bypass
(updated )
A vulnerability in Ghost’s handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints.
References
- github.com/TryGhost/Ghost
- github.com/TryGhost/Ghost/commit/9513d2a35c21067127ce8192443d8919ddcefcc8
- github.com/TryGhost/Ghost/commit/c3017f81a5387b253a7b8c1ba1959d430ee536a3
- github.com/TryGhost/Ghost/security/advisories/GHSA-9xg7-mwmp-xmjx
- github.com/advisories/GHSA-9xg7-mwmp-xmjx
- nvd.nist.gov/vuln/detail/CVE-2026-22595
Code Behaviors & Features
Detect and mitigate CVE-2026-22595 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →