CVE-2026-32299

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-32299
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1 Release Notes
https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1 Release Notes
https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*
cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*
History

24 Mar 2026, 20:38

Type Values Removed Values Added
CPE cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*
References () https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1 - () https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1 - Release Notes
References () https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1 - () https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1 - Release Notes
References () https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j - () https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j - Vendor Advisory
First Time Opensource-workshop connect-cms
Opensource-workshop
Summary
  • (es) Connect-CMS es un sistema de gestión de contenido. En versiones de la serie 1.x hasta e incluyendo 1.41.0 y versiones de la serie 2.x hasta e incluyendo 2.41.0, un problema de autorización impropia en la función de recuperación de contenido de página puede permitir la recuperación de información no pública. Las versiones 1.41.1 y 2.41.1 contienen un parche.

23 Mar 2026, 22:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-23 22:16

Updated : 2026-03-24 20:38

NVD link : CVE-2026-32299

Mitre link : CVE-2026-32299

CVE.ORG link : CVE-2026-32299

JSON object : View

Products Affected

opensource-workshop

  • connect-cms
CWE
CWE-284

Improper Access Control