Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2026-22594
CVE-2026-22594
Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.
Published Jan 9, 2026
https://github.com/advisories/GHSA-5fp7-g646-ccf4
CVSS Score
High
8.1
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
ghost
5.105.0
npm
ghost
5.106.1
npm
ghost
5.106.2
npm
ghost
5.107.0
npm
ghost
5.107.1
npm
ghost
5.107.2
npm
ghost
5.108.1
npm
ghost
5.108.2
npm
ghost
5.109.0
npm
ghost
5.109.1
npm
ghost
5.109.2
npm
ghost
5.109.3
npm
ghost
5.109.4
npm
ghost
5.109.5
npm
ghost
5.109.6
npm
ghost
5.110.0
npm
ghost
5.110.1
npm
ghost
5.110.2
npm
ghost
5.110.3
npm
ghost
5.110.4
npm
ghost
5.111.0
npm
ghost
5.112.0
npm
ghost
5.113.0
npm
ghost
5.113.1
npm
ghost
5.114.0
npm
ghost
5.114.1
npm
ghost
5.115.0
npm
ghost
5.115.1
npm
ghost
5.116.0
npm
ghost
5.116.1
npm
ghost
5.116.2
npm
ghost
5.117.0
npm
ghost
5.118.0
npm
ghost
5.118.1
npm
ghost
5.119.0
npm
ghost
5.119.1
npm
ghost
5.119.2
npm
ghost
5.119.3
npm
ghost
5.120.0
npm
ghost
5.120.1
npm
ghost
5.120.2
npm
ghost
5.120.3
npm
ghost
5.120.4
npm
ghost
5.121.0
npm
ghost
5.123.0
npm
ghost
5.125.0
npm
ghost
5.125.1
npm
ghost
5.126.0
npm
ghost
5.126.1
npm
ghost
5.127.0
1-50 of 95
CVE-2026-22594 | Components Impacted | Sonatype Guide | Sonatype Guide
