CVE-2026-32299

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1	Release Notes
https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1	Release Notes
https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:opensource-workshop:connect-cms::::::::
	cpe:2.3:a:opensource-workshop:connect-cms::::::::

History

No history.

Information

Published : 2026-03-23 22:16

Updated : 2026-03-24 20:38

NVD link : CVE-2026-32299

Mitre link : CVE-2026-32299

CVE.ORG link : CVE-2026-32299

JSON object : View

Products Affected

opensource-workshop

connect-cms

CWE

CWE-284

Improper Access Control

{"id": "CVE-2026-32299", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-23T22:16:27.780", "references": [{"url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch."}, {"lang": "es", "value": "Connect-CMS es un sistema de gesti\u00f3n de contenido. En versiones de la serie 1.x hasta e incluyendo 1.41.0 y versiones de la serie 2.x hasta e incluyendo 2.41.0, un problema de autorizaci\u00f3n impropia en la funci\u00f3n de recuperaci\u00f3n de contenido de p\u00e1gina puede permitir la recuperaci\u00f3n de informaci\u00f3n no p\u00fablica. Las versiones 1.41.1 y 2.41.1 contienen un parche."}], "lastModified": "2026-03-24T20:38:16.723", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60B8BBDF-82BD-486D-AE17-7F59360E62C3", "versionEndExcluding": "1.41.1", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C11B4F0-DF29-473A-A285-9DA152DDCDE1", "versionEndExcluding": "2.41.1", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}