CVE-2026-32299

HIGH

Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature

Title source: cna
STIX 2.1

Description

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.

References (3)

Scores

CVSS v3 7.5
EPSS 0.0004
EPSS Percentile 13.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-284
Status published
Products (4)
opensource-workshop/connect-cms 0 - 1.41.1Packagist
opensource-workshop/connect-cms 1.0.0 - 1.41.1
opensource-workshop/connect-cms < 1.41.1
opensource-workshop/connect-cms >= 2.0.0, < 2.41.1
Published Mar 23, 2026
Tracked Since Mar 24, 2026