LodeHQSubscribe →

Ghost CMS SQLi Exploited, Drupal Core SQLi Active, Cisco 10.0 Fix

Infosec · 2026-05-27

Vulnerabilities & Exploits
Ghost CMS Critical SQL Injection Exploited in Massive ClickFix Campaign2 MIN

Threat researchers uncovered a large‑scale campaign abusing CVE‑2026‑26980, a critical SQL injection flaw in Ghost CMS (CVSS 9.4), to steal admin API keys and inject malicious JavaScript that triggers ClickFix attacks. Over 700 sites, including Harvard, Oxford and DuckDuckGo, were compromised, highlighting the need to upgrade to Ghost 6.19.1 and rotate keys.

CISA flags Drupal Core SQLi (CVE‑2026‑9082) as actively exploited9 MIN

The U.S. Cybersecurity and Infrastructure Security Agency added Drupal Core’s CVE‑2026‑9082 SQL injection flaw to its Known Exploited Vulnerabilities catalog, citing active attacks. The bug can let unauthenticated users execute arbitrary SQL, potentially leading to privilege escalation or remote code execution. Immediate patching is urged for all supported Drupal installations.

Cisco fixes CVSS 10.0 Secure Workload API auth bypass4 MIN

Cisco released updates for Secure Workload that close a CVSS 10.0 vulnerability (CVE‑2026‑20223). The flaw allowed unauthenticated remote attackers to access internal REST API endpoints and read or modify tenant data with Site Admin privileges. Upgrading to the fixed releases (3.10.8.3 or later) mitigates the issue.

Get Infosec in your inbox, every issue.
Subscribe free
Privacy · Terms · About · Contact
© 2026 LodeHQ