Ghost Media Inliner SSRF Vulnerability Allowing Data Exfiltration

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the media inliner feature of Ghost, a Node.js content management system. This issue affects Ghost versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3. The vulnerability allows staff users with a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems by crafting URLs for media assets that, when processed by the media inliner, access internal resources.

Impact

Exploitation of this vulnerability could lead to unauthorized access and exfiltration of internal data via SSRF.

Reproduction

To reproduce this vulnerability, a staff user with a valid authentication token for the Ghost Admin API can create a post that includes URLs pointing to internal resources. When the post is processed through the media inliner, the internal data can be accessed and exfiltrated.

Remediation

Users can upgrade to Ghost versions 5.130.6 or 6.11.0 to address this vulnerability.

Added: Jan 10, 2026, 3:17 AM
Updated: Jan 10, 2026, 3:17 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.