CVE-2026-22597
LOW 2.7Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0.
Affected Applications in Environment
10
ghostscript
v9.54.0-19.el9_6
1 device
ghostscript
v9.54.0-19.el9_6
2 devices
ghostscript
v9.54.0-19.el9_6
27 devices
ghostscript
v9.25-5.el7
1 device
ghostscript
v9.27-6.el8
2 devices
ghostscript
v9.27-15.el8_10
1 device
ghostscript
v9.27-17.el8_10
2 devices
ghostscript
v9.27-17.el8_10
2 devices
ghostscript
v9.27-16.el8_10
1 device
ghostscript
v9.54.0-19.el9_6
1 device
Affected Devices
40
chela03
Linux
chela04
Linux
chela05
Linux
devjobsub.banner.usu.edu
Linux
dpapsb-161390.aggies.usu.edu
Linux
dpapsb-191594.mypc.usu.edu
Linux
el103-02.ece.usu.edu
Linux
el103-03.ece.usu.edu
Linux
el103-04.ece.usu.edu
Linux
el103-05.ece.usu.edu
Linux
el103-07.ece.usu.edu
Linux
el103-08.ece.usu.edu
Linux
el103-09.ece.usu.edu
Linux
el103-10.ece.usu.edu
Linux
el103-14.ece.usu.edu
Linux
el103-15.ece.usu.edu
Linux
el103-16.ece.usu.edu
Linux
el103-17.ece.usu.edu
Linux
el103-18.ece.usu.edu
Linux
el103-19.ece.usu.edu
Linux
el103-20.ece.usu.edu
Linux
el120-01.ece.usu.edu
Linux
el120-02.ece.usu.edu
Linux
el120-03.ece.usu.edu
Linux
el120-04.ece.usu.edu
Linux
el120-05.ece.usu.edu
Linux
el120-06.ece.usu.edu
Linux
el120-08.ece.usu.edu
Linux
el120-09.ece.usu.edu
Linux
el120-10.ece.usu.edu
Linux
el120-11.ece.usu.edu
Linux
el120-12.ece.usu.edu
Linux
el120-14.ece.usu.edu
Linux
eprocdev.banner.usu.edu
Linux
facreadyprod.pplant.usu.edu
Linux
facreadytestrhel.pplant.usu.edu
Linux
facshibsp2.pplant.usu.edu
Linux
guru.cluster
Linux
oms.db.usu.edu
Linux
paymentworksdev.banner.usu.edu
Linux