A vulnerability labeled as critical has been found in TryGhost Ghost up to 6.21.0 . Affected by this vulnerability is an unknown functionality of the component API File Upload Endpoint . Executing a manipulation can lead to unrestricted upload. This vulnerability is handled as CVE-2026-53948 . The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.