CVE-2026-53947 - Vulnerability Details - OpenCVE

Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is fixed in 6.21.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ghost	Ghost

No data.

No data.

References

Link	Providers
https://github.com/TryGhost/Ghost/security/advisories/GHSA-chgm-3698-jm42

History

Thu, 25 Jun 2026 17:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 25 Jun 2026 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ghost Ghost ghost
Vendors & Products		Ghost Ghost ghost

Wed, 24 Jun 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is fixed in 6.21.1.
Title		Ghost: Member existence leak via magic link sign-in response
Weaknesses		CWE-204
References		https://github.com/TryGhost/Ghost/security/advisories/GHSA-chgm-3698-jm42
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-06-24T18:07:42.965Z

Updated: 2026-06-25T17:09:22.498Z

Reserved: 2026-06-11T15:50:01.281Z

Link: CVE-2026-53947

Vulnrichment

Updated: 2026-06-25T17:09:17.344Z

NVD

No data.

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53947", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-06-11T15:50:01.281Z", "datePublished": "2026-06-24T18:07:42.965Z", "dateUpdated": "2026-06-25T17:09:22.498Z"}, "containers": {"cna": {"title": "Ghost: Member existence leak via magic link sign-in response", "problemTypes": [{"descriptions": [{"cweId": "CWE-204", "lang": "en", "description": "CWE-204: Observable Response Discrepancy", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-chgm-3698-jm42", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-chgm-3698-jm42"}], "affected": [{"vendor": "TryGhost", "product": "Ghost", "versions": [{"version": ">= 5.18.0, < 6.21.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-24T18:07:42.965Z"}, "descriptions": [{"lang": "en", "value": "Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is fixed in 6.21.1."}], "source": {"advisory": "GHSA-chgm-3698-jm42", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-25T17:09:11.479372Z", "id": "CVE-2026-53947", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-25T17:09:22.498Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-53947", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-25T17:09:11.479372Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-25T17:09:17.344Z"}}], "cna": {"title": "Ghost: Member existence leak via magic link sign-in response", "source": {"advisory": "GHSA-chgm-3698-jm42", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "TryGhost", "product": "Ghost", "versions": [{"status": "affected", "version": ">= 5.18.0, < 6.21.1"}]}], "references": [{"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-chgm-3698-jm42", "name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-chgm-3698-jm42", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is fixed in 6.21.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-204", "description": "CWE-204: Observable Response Discrepancy"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-24T18:07:42.965Z"}}}, "cveMetadata": {"cveId": "CVE-2026-53947", "state": "PUBLISHED", "dateUpdated": "2026-06-25T17:09:22.498Z", "dateReserved": "2026-06-11T15:50:01.281Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-06-24T18:07:42.965Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}