If you are running *any* version of Ghost from 3.24.0 to 6.19.0:
Stop what you are doing and upgrade to 6.19.1.
Like right now.
>> This is not a drill! <<
"A SQL injection vulnerability existed in Ghost's Content API that allowed unauthenticated attackers to read arbitrary data from the database. This vulnerability is present in Ghost v3.24.0 to v6.19.0. v6.19.1 contains a fix for this issue. There is no application-level workaround."
CVE-2026-26980 CVSS 9.4
https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97