PROBABLYPWNED
Malware | June 10, 2026 | 5 min read

Ghost CMS Flaw Turns Harvard, Oxford Sites Into Malware Hosts

Attackers exploited CVE-2026-26980 SQL injection in Ghost CMS to compromise 700+ websites including Harvard and Oxford, deploying ClickFix social engineering malware through fake CAPTCHA prompts.

James Rivera

More than 700 websites belonging to universities, tech companies, and research organizations have been hijacked to distribute malware through a massive campaign exploiting a critical SQL injection vulnerability in Ghost CMS. Among the victims: Harvard University, the University of Oxford, and DuckDuckGo.

The attackers leveraged CVE-2026-26980, an unauthenticated SQL injection flaw in Ghost's Content API, to steal administrative credentials and inject malicious JavaScript into legitimate web pages. Visitors to compromised sites encounter fake Cloudflare or CAPTCHA verification dialogs that trick them into executing malware directly on their systems.

How the Attack Works

CVE-2026-26980 allows attackers to directly query Ghost CMS databases without authentication. According to Malwarebytes researchers, the vulnerability exposes sensitive database contents including the Admin API Key—the master credential for Ghost's management interface.

With administrative access, attackers modified website content to inject malicious JavaScript. This script loads a second-stage payload that presents visitors with what appears to be a legitimate security verification page. The fake CAPTCHA or "browser verification" prompt displays instructions asking users to open the Windows Run dialog (Win+R) and paste a command.

Users who comply execute a PowerShell script that downloads and installs information-stealing malware. The technique—known as "ClickFix"—exploits user trust in familiar security verification flows. We've covered similar social engineering tactics used by threat actors targeting corporate environments.

Scale and Victims

The campaign compromised over 700 Ghost-powered websites across multiple sectors:

  • Education: Harvard University, University of Oxford, and numerous other academic institutions
  • Technology: DuckDuckGo, various SaaS providers, and AI/ML startups
  • Finance: Multiple fintech companies and blockchain projects
  • Media: Security research blogs and news publications

The selection isn't random. Attackers targeted high-reputation domains specifically because visitors inherently trust content from established institutions. A malware prompt on harvard.edu carries more credibility than one from an unknown domain.

Multiple Threat Actor Clusters

Security analysts identified at least two distinct criminal groups exploiting CVE-2026-26980 rather than a single coordinated operation. This suggests the vulnerability was either independently discovered by multiple actors or widely shared in underground forums.

The parallel campaigns use slightly different malware payloads but identical exploitation techniques. Both leverage the ClickFix social engineering flow to achieve initial compromise. The multi-actor exploitation mirrors patterns seen in recent supply chain attacks where multiple groups rapidly weaponize disclosed vulnerabilities.

Vulnerability Details

CVE-2026-26980 affects Ghost CMS versions 3.24.0 through 6.19.0. The SQL injection occurs in the Content API endpoint, which is publicly accessible by design to serve website content to visitors. This accessibility made the vulnerability particularly dangerous—no authentication or unusual network access was required.

The vulnerability was publicly disclosed on February 19, 2026. Ghost released a patched version 6.19.1 addressing the flaw. However, the several-month gap between disclosure and this mass exploitation campaign suggests many organizations failed to update promptly.

ClickFix: Social Engineering at Scale

ClickFix campaigns have surged throughout 2026, representing an evolution in malware distribution. Rather than exploiting browser vulnerabilities or tricking users into downloading malicious files, ClickFix weaponizes user compliance with perceived security requirements.

The psychological manipulation is sophisticated. Modern users are conditioned to expect verification challenges on websites. CAPTCHA, Cloudflare "checking your browser" interstitials, and MFA prompts are routine experiences. ClickFix abuses this conditioning by inserting malicious instructions into familiar verification flows.

The attacks succeed because users follow instructions from trusted contexts without questioning whether those instructions are legitimate. When Harvard's website tells you to verify your browser, most visitors comply.

Protection Strategies

For website operators running Ghost:

  1. Update immediately - Deploy Ghost 6.19.1 or later
  2. Audit for compromise - Check for unauthorized content modifications or JavaScript injections
  3. Review API logs - Look for unusual Content API query patterns
  4. Rotate credentials - Generate new Admin API keys after patching
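A defender-side helper for step 2, written as an added example for this article (it is not Ghost's code or the researchers' tooling). It assumes post records carry `html`, `codeinjection_head` and `codeinjection_foot` fields, as Ghost exports and its Admin API expose them, and uses a constructed script-host allow-list and constructed sample posts; the regex-based tag scan is a triage aid, not a full HTML parser.

```python
"""Triage a Ghost site's stored content for injected JavaScript (added example)."""
import re
from urllib.parse import urlparse

# Hosts this site legitimately loads scripts from (constructed placeholder; use your own list).
ALLOWED_SCRIPT_HOSTS = {"cdn.example-university.edu"}
# Wording the article associates with ClickFix prompts (Windows Run dialog instructions).
CLICKFIX_PHRASES = ("win+r", "win + r", "run dialog")
SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
SRC_RE = re.compile(r"""(?:^|\s)src\s*=\s*["']?([^"'\s>]+)""", re.I)

def audit_fragment(fragment, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return findings for one HTML fragment; an empty list means nothing suspicious."""
    findings = []
    if not fragment:
        return findings
    for attrs, body in SCRIPT_RE.findall(fragment):
        src = SRC_RE.search(attrs)
        if src:
            host = urlparse(src.group(1)).hostname
            if host and host not in allowed_hosts:
                findings.append(f"external script from non-allowlisted host {host}")
        elif body.strip():
            # Inline scripts in post bodies or code-injection fields deserve manual review.
            findings.append(f"inline script: {body.strip()[:60]!r}")
    hits = [p for p in CLICKFIX_PHRASES if p in fragment.lower()]
    if hits:
        findings.append("ClickFix-style wording: " + ", ".join(hits))
    return findings

def audit_posts(posts, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Audit html plus per-post code-injection fields; return {slug: findings} for flagged posts."""
    report = {}
    for post in posts:
        hits = [f"{field}: {f}" for field in ("html", "codeinjection_head", "codeinjection_foot")
                for f in audit_fragment(post.get(field), allowed_hosts)]
        if hits:
            report[post["slug"]] = hits
    return report

# Constructed sample records in the shape of Ghost posts (not data from any real site).
SAMPLE_POSTS = [
    {"slug": "welcome", "html": '<p>Hi</p><script src="https://cdn.example-university.edu/app.js"></script>'},
    {"slug": "research-update", "html": "<p>Results</p>",
     "codeinjection_head": '<script src="https://static.placeholder.invalid/v.js"></script>',
     "codeinjection_foot": "<script>document.title = 'Verify';</script>"},
]
```

Run `audit_posts` over the posts array of a Ghost JSON export (and, separately, over the site-wide code injection settings) and review every flagged slug by hand; a clean report does not prove the site is clean, only that nothing matched these checks.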

For end users:

  1. Never execute pasted commands - Legitimate verification systems don't ask you to run commands
  2. Question unusual prompts - If a CAPTCHA asks you to open PowerShell, something is wrong
  3. Report suspicious behavior - Alert website operators if you encounter unusual verification requests
  4. Deploy endpoint protection - Modern EDR solutions can block ClickFix payloads

Organizations can proactively detect lookalike domains targeting their brand using tools like Greyphish, though this campaign compromised legitimate domains rather than creating spoofed ones.

Why This Matters

This campaign demonstrates why web application security extends beyond your own infrastructure. Organizations linking to or embedding content from third-party sites inherit risk from those sites' security postures. A compromised university website can distribute malware to corporate visitors.

The ClickFix social engineering technique is particularly insidious because it bypasses technical security controls entirely. No exploit code runs in the browser. No vulnerability is triggered on the visitor's system. Users simply follow instructions that appear to come from a trusted source.

Security awareness training should explicitly address verification prompt abuse. Users need to understand that legitimate security systems never ask them to execute commands or paste scripts into system dialogs.
