CVE-2026-32299 HIGH

CVE-2026-32299: Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature

Vendor Opensource-Workshop
Product connect-cms
Weakness CWE-284
Published March 23, 2026
Last update March 24, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Connect-CMS is a content management system. In 1.x versions up to and including 1.41.0 and 2.x versions up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.

Key dates

02 Disclosure timeline

March 23, 2026 CVE published
March 24, 2026 Record updated
