CVE-2026-32279

Published: Mar 23, 2026 Last Modified: Mar 23, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: high

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch.

918

Server-Side Request Forgery (SSRF)

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control

Potential Impacts:

Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

View CWE Details

https://github.com/opensource-workshop/connect-cms/commit/4…

https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a42…

https://github.com/opensource-workshop/connect-cms/commit/6…

https://github.com/opensource-workshop/connect-cms/commit/617a874e14b8476da7c07…

https://github.com/opensource-workshop/connect-cms/releases…

https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1

https://github.com/opensource-workshop/connect-cms/releases…

https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1

https://github.com/opensource-workshop/connect-cms/security…

https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-jh4…