diff --git a/ghost/core/core/frontend/web/middleware/serve-public-file.js b/ghost/core/core/frontend/web/middleware/serve-public-file.js
index 3688192674..7ea0389e7c 100644
--- a/ghost/core/core/frontend/web/middleware/serve-public-file.js
+++ b/ghost/core/core/frontend/web/middleware/serve-public-file.js
@@ -46,6 +46,8 @@ function createPublicFileMiddleware(location, file, mime, maxAge) {
 
         // send image files directly and let express handle content-length, etag, etc
         if (mime.match(/^image/)) {
+            // In admin we need to read images and calculate the average color (blocked by CORS otherwise)
+            res.setHeader('Access-Control-Allow-Origin', '*');
             return res.sendFile(filePath, (err) => {
                 if (err && err.status === 404) {
                     // ensure we're triggering basic asset 404 and not a templated 404