CVE-2026-32276
- Source
- https://cve.org/CVERecord?id=CVE-2026-32276
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32276.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-32276
- Aliases
- Published
- 2026-03-23T21:06:32.607Z
- Modified
- 2026-04-10T05:43:02.349261Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin
- Details
-
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch.
- Database specific
{ "cwe_ids": [ "CWE-94" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32276.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32276.json
- https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85
- https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
- https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
- https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv
- https://nvd.nist.gov/vuln/detail/CVE-2026-32276
Affected packages
Git / github.com/opensource-workshop/connect-cms
Affected ranges
Affected versions
1.*
1.20.0
2.*
2.30.0
v0.*
v0.0.1.20200106
v0.0.1.20200216
v0.0.1.20200302
v0.0.1.20200411
v0.0.1.20200510
v0.0.1.20200603
v0.0.1.20200716
v0.0.1.20200909
v0.0.1.20201008
v0.0.1.20201207
v0.0.1.20210104
v0.0.1.20210301
v0.0.1.20210405
v0.0.1.20211130
v1.*
v1.0.0
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.12.1
v1.12.2
v1.12.3
v1.13.0
v1.13.1
v1.14.0
v1.14.1
v1.14.2
v1.15.0
v1.15.1
v1.15.2
v1.15.3
v1.15.4
v1.16.0
v1.17.0
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.18.0
v1.18.1
v1.18.2
v1.18.3
v1.19.0
v1.19.1
v1.19.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.21.0
v1.22.0
v1.23.0
v1.23.1
v1.23.2
v1.23.3
v1.24.0
v1.25.0
v1.25.1
v1.26.0
v1.26.1
v1.27.0
v1.28.0
v1.29.0
v1.29.1
v1.3.0
v1.3.1
v1.3.2
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.33.1
v1.34.0
v1.35.0
v1.36.0
v1.37.0
v1.38.0
v1.38.1
v1.39.0
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.40.0
v1.41.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.1
v1.7.2
v1.8.0
v1.8.1
v1.8.10
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.8
v1.8.9
v1.9.0
v1.9.1
v1.9.10
v1.9.11
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8
v1.9.9
v2.*
v2.0.0
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.10.0
v2.10.1
v2.10.2
v2.15.0
v2.15.1
v2.15.2
v2.15.3
v2.15.4
v2.16.0
v2.17.0
v2.17.1
v2.17.2
v2.17.3
v2.17.4
v2.18.0
v2.18.1
v2.18.2
v2.18.3
v2.19.0
v2.19.2.1
v2.2.0
v2.2.1
v2.2.2
v2.21.0
v2.22.0
v2.23.0
v2.23.2
v2.23.3
v2.24.0
v2.25.0
v2.25.1
v2.26.0
v2.26.1
v2.27.0
v2.27.0.1
v2.28.0
v2.29.0
v2.29.1
v2.3.0
v2.3.1
v2.3.2
v2.31.0
v2.32.0
v2.33.0
v2.34.0
v2.35.0
v2.36.0
v2.37.0
v2.38.0
v2.38.1
v2.39.0
v2.4.0
v2.4.1
v2.4.10
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.40.0
v2.41.0
v2.5.0
v2.5.1
v2.5.10
v2.5.11
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.8.1
v2.8.2
v2.8.3
v2.9.0
v2.9.1