CVE-2026-32300 HIGH

CVE-2026-32300: Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information

Vendor: Opensource-Workshop
Product: connect-cms
Weakness: CWE-285
Published: March 23, 2026
Last update: March 25, 2026

CVSS base score

8.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

Connect-CMS is a content management system. In the 1.x series up to and including version 1.41.0 and the 2.x series up to and including version 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.

Key dates

02 Disclosure timeline

March 23, 2026 CVE published
March 25, 2026 Record updated

Related vulnerabilities

04 Related CVE