CVE-2026-32279

Published: Mar 23, 2026Modified: Mar 24, 2026

6.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Exploitability: 2.3 / Impact: 4.0

Source: security-advisories@github.com (Secondary)

Description

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch.

Affected (2)

Products: Opensource Workshop: Connect Cms

Opensource Workshop

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opensource Workshop Connect Cms	From 1.0.0 to 1.41.1
Opensource Workshop Connect Cms	From 2.0.0 to 2.41.1

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (5)

https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a4239e25782d9e2e88fc63

Source: security-advisories@github.com

Patch

https://github.com/opensource-workshop/connect-cms/commit/617a874e14b8476da7c0760a06384b9da21bdd4f

Source: security-advisories@github.com

Patch

https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1

Source: security-advisories@github.com

Release Notes

https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1

Source: security-advisories@github.com

Release Notes

https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-jh46-85jr-6ph9

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.