CVE-2026-29053: Ghost Vulnerable to Remote Code Execution via Malicious Themes

March 3, 2026 (updated March 5, 2026)

Specifically crafted malicious themes can execute arbitrary code on the server running Ghost.

References

github.com/TryGhost/Ghost
github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x
github.com/advisories/GHSA-cgc2-rcrh-qr5x
nvd.nist.gov/vuln/detail/CVE-2026-29053

Code Behaviors & Features

Detect and mitigate CVE-2026-29053 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →