CVE-2026-32300

Published: Mar 23, 2026Modified: Mar 24, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: security-advisories@github.com (Secondary)

Description

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.

Affected (2)

Products: Opensource Workshop: Connect Cms

Opensource Workshop

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opensource Workshop Connect Cms	From 1.0.0 to 1.41.1
Opensource Workshop Connect Cms	From 2.0.0 to 2.41.1

Related CWEs

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce

Source: security-advisories@github.com

Patch

https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1

Source: security-advisories@github.com

Release Notes

https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1

Source: security-advisories@github.com

Release Notes

https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.