CVE-2026-53945: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition in TryGhost Ghost
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. This vulnerability is fixed in 6.21.1.
AI Analysis
Technical Summary
CVE-2026-53945 is a TOCTOU race condition vulnerability in Ghost CMS versions 6.0.9 through 6.21.0. The vulnerability arises because the private-IP check for outbound HTTP requests can be bypassed via DNS rebinding attacks. This allows an attacker to coerce the Ghost server into making requests to internal network hosts through features that perform external fetches. The issue is resolved in Ghost version 6.21.1.
Potential Impact
An attacker can bypass the private-IP check via DNS rebinding, potentially causing the Ghost server to reach internal network hosts. The impact is limited to information disclosure or limited integrity issues due to unauthorized internal network access. There is no impact on availability. The CVSS vector indicates the attack requires network access with high attack complexity and no privileges or user interaction, and the scope is changed.
Mitigation Recommendations
A fix is available in Ghost version 6.21.1. Users should upgrade to version 6.21.1 or later to remediate this vulnerability. No other mitigation guidance is provided or necessary as the issue is resolved by the official patch.
CVE-2026-53945: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition in TryGhost Ghost
Description
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. This vulnerability is fixed in 6.21.1.
CVSS v3.1
Score 4.0medium
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-53945 is a TOCTOU race condition vulnerability in Ghost CMS versions 6.0.9 through 6.21.0. The vulnerability arises because the private-IP check for outbound HTTP requests can be bypassed via DNS rebinding attacks. This allows an attacker to coerce the Ghost server into making requests to internal network hosts through features that perform external fetches. The issue is resolved in Ghost version 6.21.1.
Potential Impact
An attacker can bypass the private-IP check via DNS rebinding, potentially causing the Ghost server to reach internal network hosts. The impact is limited to information disclosure or limited integrity issues due to unauthorized internal network access. There is no impact on availability. The CVSS vector indicates the attack requires network access with high attack complexity and no privileges or user interaction, and the scope is changed.
Mitigation Recommendations
A fix is available in Ghost version 6.21.1. Users should upgrade to version 6.21.1 or later to remediate this vulnerability. No other mitigation guidance is provided or necessary as the issue is resolved by the official patch.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-06-11T15:50:01.281Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3c2387748d17fc4ff2f766
Added to database: 06/24/2026, 18:35:51 UTC
Last enriched: 06/24/2026, 18:51:26 UTC
Last updated: 06/24/2026, 20:11:13 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.