Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

mkj @mkj@social.mkj.earth

2/17/2026, 7:32:40 PM

Public

If you are running *any* version of Ghost from 3.24.0 to 6.19.0:

Stop what you are doing and upgrade to 6.19.1.

Like right now.

>> This is not a drill! <<

"A SQL injection vulnerability existed in Ghost's Content API that allowed unauthenticated attackers to read arbitrary data from the database. This vulnerability is present in Ghost v3.24.0 to v6.19.0. v6.19.1 contains a fix for this issue. There is no application-level workaround."

CVE-2026-26980 CVSS 9.4

https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97

#Ghost

SQL injection in Content API

### Impact A SQL injection vulnerability existed in Ghost's Content API that allowed unauthenticated attackers to read arbitrary data from the database. ### Vulnerable Versions This vulne...

github.com · GitHub

If you have a fediverse account, you can quote this note from your own instance. Search https://social.mkj.earth/users/mkj/statuses/116087636676087677 on your instance and quote it. (Note that quoting is not supported in Mastodon.)