CVE-2026-53948 Overview
CVE-2026-53948 affects Ghost, a Node.js content management system. Ghost versions from 6.19.4 until 6.21.1 fail to properly validate the client-supplied Content-Type header on the Admin API file upload endpoint. Attackers with author-level access can upload files that are served with an attacker-chosen content type when using S3 or Google Cloud Storage (GCS) backends. On installations that serve uploaded files from the same origin as the site, this behavior enables stored cross-site scripting (XSS) [CWE-434] against visitors and staff. Ghost 6.21.1 fixes the issue.
Critical Impact
Authenticated attackers can upload files with arbitrary content types on S3/GCS-backed Ghost deployments, enabling stored XSS against site visitors and administrative staff when files share the site's origin.
Affected Products
- Ghost CMS versions 6.19.4 through 6.21.0
- Ghost installations using Amazon S3 storage backend
- Ghost installations using Google Cloud Storage (GCS) backend
Discovery Timeline
- 2026-06-24 - CVE-2026-53948 published to NVD
- 2026-06-25 - Last updated in NVD database
Technical Details for CVE-2026-53948
Vulnerability Analysis
The vulnerability stems from insufficient validation of the client-supplied Content-Type header on Ghost's Admin API file upload endpoint. When a file is uploaded to an S3 or GCS storage backend, Ghost passes the user-controlled MIME type through to the storage layer. The storage service then serves the file with that content type on subsequent requests.
This behavior breaks the assumption that uploaded files will be served as static assets with safe, server-derived MIME types. An authenticated attacker can upload a file containing HTML or JavaScript while declaring the content type as text/html or application/javascript. When a visitor or administrator retrieves the file URL, the browser renders or executes the payload.
The impact depends on deployment configuration. Sites that serve uploaded media from the same origin as the main Ghost application are vulnerable to stored XSS. Cookies, session tokens, and Admin API actions become reachable from the injected script context.
Root Cause
The root cause is unrestricted file upload with dangerous type [CWE-434]. Ghost trusted the Content-Type header sent by the client rather than deriving the MIME type from file inspection or restricting it to a server-side allowlist. The S3 and GCS adapters persisted this header as object metadata, causing the storage service to return the attacker-controlled value in subsequent responses.
Attack Vector
Exploitation requires Admin API credentials with file upload permissions and user interaction to visit the malicious file URL. The attacker uploads a crafted file via the Admin API while specifying a script-capable MIME type. The resulting URL, hosted on the site's origin, executes the script payload in any browser that loads it. See the GitHub Security Advisory GHSA-944x-pm95-3jpr for full technical details.
Detection Methods for CVE-2026-53948
Indicators of Compromise
- Files in S3 or GCS buckets with Content-Type metadata set to text/html, application/xhtml+xml, image/svg+xml, or application/javascript despite non-matching file extensions.
- Admin API upload requests where the declared Content-Type does not match the file binary signature.
- Unexpected outbound requests from visitor browsers to attacker-controlled domains after viewing site media.
Detection Strategies
- Audit S3 and GCS bucket inventory for objects whose stored Content-Type metadata differs from their actual file format.
- Review Admin API access logs for file upload activity from unfamiliar author or staff accounts during the vulnerable version window.
- Inspect HTTP response headers from /content/images/ and other upload paths for executable MIME types being served from the site origin.
Monitoring Recommendations
- Enable CloudTrail or GCS audit logging on the Ghost storage bucket to capture object PUT operations with metadata details.
- Alert on any uploaded object whose Content-Type is scriptable when served from the same origin as the Ghost site.
- Monitor staff account creation and role changes in Ghost to detect attacker provisioning of upload-capable accounts.
How to Mitigate CVE-2026-53948
Immediate Actions Required
- Upgrade Ghost to version 6.21.1 or later without delay.
- Audit all files uploaded to S3 or GCS backends since upgrading to 6.19.4 and remove or remediate objects with suspicious content types.
- Rotate Admin API keys and review staff accounts for unauthorized additions or privilege changes.
Patch Information
The vulnerability is fixed in Ghost 6.21.1. The patch enforces server-side validation of upload content types rather than trusting client-supplied values. Refer to the Ghost security advisory GHSA-944x-pm95-3jpr for release notes and remediation guidance.
Workarounds
- Serve uploaded files from a separate origin or sandboxed domain to neutralize stored XSS impact even when arbitrary MIME types are accepted.
- Configure a Content Security Policy (CSP) that restricts script execution to trusted origins, limiting payload execution within the Ghost interface.
- Restrict Admin API access and limit staff role assignment until the upgrade is completed.
# Upgrade Ghost to the patched release
ghost update --version 6.21.1
ghost doctor
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

