CVE-2026-32279 MEDIUM

CVE-2026-32279: Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin

Vendor Opensource-Workshop
Product connect-cms
Weakness CWE-918 · SSRF
Published March 23, 2026
Last update March 24, 2026
View on NVD All CVEs

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch.

Key dates

02Disclosure timeline

March 23, 2026 CVE published
March 24, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-32828 Kargo: SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration CVE-2025-22374 SSRF in CyberAudit-Web videx-legacy-ssl CVE-2026-24316 Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP CVE-2025-53461 WordPress Beaf Plugin <= 1.6.2 - Server Side Request Forgery (SSRF) Vulnerability CVE-2025-15414 go-sonic Theme Fetching API git_fetcher.go FetchTheme server-side request forgery