CVE-2026-32299

Published: Mar 23, 2026 Last Modified: Mar 23, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.

284

Improper Access Control

Incomplete

Abstraction: Pillar Structure: Simple

Common Consequences

Security Scopes Affected:

Other

Potential Impacts:

Varies By Context

Applicable Platforms

Technologies: ICS/OT, Not Technology-Specific, Web Based

View CWE Details

https://github.com/opensource-workshop/connect-cms/releases…

https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1

https://github.com/opensource-workshop/connect-cms/releases…

https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1

https://github.com/opensource-workshop/connect-cms/security…

https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62c…

CVE-2026-32299

Description

Improper Access Control

Common Consequences

Applicable Platforms

Iscriviti alla newsletter