A vulnerability was found in TryGhost Ghost up to 6.21.0 . It has been classified as critical . The affected element is an unknown function of the component HTTP Request Handler . The manipulation leads to server-side request forgery. This vulnerability is documented as CVE-2026-53946 . The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.