CVE-2026-53947— Ghost: Member existence leak via magic link sign-in response
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-53947
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ghost: Member existence leak via magic link sign-in response
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is fixed in 6.21.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
响应差异性信息暴露
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-53947
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-53947
请登录查看更多情报信息。
Other References for CVE-2026-53947 (1)
Same Patch Batch · TryGhost · 2026-06-24 · 8 CVEs total
| CVE-2026-53943 | 9.6 CRITICAL | Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header |
| CVE-2026-53950 | 7.5 HIGH | @tryghost/activitypub: XSS in Ghost's ActivityPub client |
| CVE-2026-53944 | 5.8 MEDIUM | Ghost: Private IP filtering bypass to make server-side requests to internal services |
| CVE-2026-53948 | 5.4 MEDIUM | Ghost: File Upload Content-Type Spoofing |
| CVE-2026-53946 | 5.4 MEDIUM | Ghost: Mobiledoc image-size fetch SSRF |
| CVE-2026-53949 | 5.3 MEDIUM | Ghost Content API filter bypass reveals private fields |
| CVE-2026-53945 | 4.0 MEDIUM | Ghost: Server-side request forgery via DNS rebinding in external request handling |
IV. Related Vulnerabilities
Same product: Ghost
- CVE-2026-53943
Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-pre - CVE-2026-53944
Ghost: Private IP filtering bypass to make server-side reque - CVE-2026-53945
Ghost: Server-side request forgery via DNS rebinding in exte - CVE-2026-53946
Ghost: Mobiledoc image-size fetch SSRF - CVE-2026-53948
Ghost: File Upload Content-Type Spoofing
Same vendor: TryGhost
- CVE-2026-53943
Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-pre - CVE-2026-53944
Ghost: Private IP filtering bypass to make server-side reque - CVE-2026-53945
Ghost: Server-side request forgery via DNS rebinding in exte - CVE-2026-53946
Ghost: Mobiledoc image-size fetch SSRF - CVE-2026-53948
Ghost: File Upload Content-Type Spoofing
Same weakness: CWE-204
- CVE-2026-54445
Vantage6: Set admin user and password from environment or co - CVE-2026-43926
FOSSBilling's password reset confirmation endpoint lacks rat - CVE-2026-45620
AVideo CVE-2026-43881 incomplete fix - `objects/mention.json - CVE-2018-25350
userSpice 4.3.24 Username Enumeration via existingUsernameCh - CVE-2026-44306
Statamic: Email enumeration via forgot password endpoint
V. Comments for CVE-2026-53947
No comments yet