CVE-2026-22594 is a high severity vulnerability with a CVSS score of 8.1. No known exploits currently, and patches are available.
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.
Very low probability of exploitation
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
A vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA.
This vulnerability is present in Ghost v5.105.0 to v5.130.5 to and Ghost v6.0.0 to v6.10.3.
v5.130.6 and v6.11.0 contain a fix for this issue.
Ghost thanks Sho Odagiri of GMO Cybersecurity by Ierae, Inc. for discovering and disclosing this vulnerability responsibly.
If there are any questions or comments about this advisory, email Ghost at [email protected].
| Vendor | Product |
|---|---|
| Ghost | Ghost |