{"id":"CVE-2026-22594","summary":"Ghost has Staff 2FA bypass","details":"Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.","aliases":["BIT-ghost-2026-22594","GHSA-5fp7-g646-ccf4"],"modified":"2026-04-10T05:38:48.049209Z","published":"2026-01-10T02:56:47.226Z","database_specific":{"cwe_ids":["CWE-287"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22594.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22594.json"},{"type":"ADVISORY","url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-5fp7-g646-ccf4"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22594"},{"type":"FIX","url":"https://github.com/TryGhost/Ghost/commit/b59f707f670e6f175b669977724ccf16c718430b"},{"type":"FIX","url":"https://github.com/TryGhost/Ghost/commit/fc7bc2fb0888513498154ec5cb4b21eccb88de07"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tryghost/ghost","events":[{"introduced":"5b8c97dcb46ae3d552a2f05531723f14c8f806a7"},{"fixed":"67e137d8b0dd70cd5f486bfeea5d1643cee06104"}],"database_specific":{"versions":[{"introduced":"6.0.0"},{"fixed":"6.11.0"}]}},{"type":"GIT","repo":"https://github.com/tryghost/ghost","events":[{"introduced":"bb9bd0e233069ab71a665ac90c9af16987236cd8"},{"fixed":"a07c753c8a08c38d264b429b2a19873b152c097a"}],"database_specific":{"versions":[{"introduced":"5.105.0"},{"fixed":"5.130.6"}]}}],"versions":["v5.105.0","v5.106.0","v5.106.1","v5.107.0","v5.108.0","v5.108.1","v5.109.0","v5.109.3","v5.109.6","v5.110.0","v5.110.2","v5.111.0","v5.112.0","v5.113.0","v5.114.0","v5.115.1","v5.116.0","v5.116.2","v5.117.0","v5.118.0","v5.118.1","v5.119.0","v5.119.2","v5.120.0","v5.120.2","v5.121.0","v5.122.0","v5.125.1","v5.126.0","v5.127.0","v5.127.1","v5.128.0","v5.129.0","v5.129.1","v5.129.2","v5.130.0","v5.130.1","v5.130.3","v5.130.4","v5.130.5","v6.0.0","v6.0.1","v6.0.10","v6.0.3","v6.0.4","v6.0.5","v6.0.6","v6.0.7","v6.0.8","v6.1.0","v6.10.0","v6.10.3","v6.2.0","v6.3.0","v6.3.1","v6.4.0","v6.5.0","v6.5.2","v6.5.3","v6.6.0","v6.7.0","v6.8.0","v6.8.1","v6.9.0","v6.9.2","v6.9.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22594.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}