Share
## https://sploitus.com/exploit?id=2A7C0BF5-FDCE-5B2C-86F5-943D06D13B64
# CVE-2026-29053
Ghost CMS RCE via jsonpath/static-eval prototype chain.
## Info
- **CVE**: CVE-2026-29053
- **Affected**: Ghost -p
```
1. Start listener: `nc -lvnp `
2. Upload `malicious-theme.zip` to Ghost Admin โ Settings โ Design
3. Create page with slug `rce`
4. Visit `/rce/`
## References
- https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x
- https://www.endorlabs.com/learn/rce-in-ghost-cms-ghsa-cgc2-rcrh-qr5x