CVE-2026-32299
- Source
- https://cve.org/CVERecord?id=CVE-2026-32299
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32299.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-32299
- Aliases
- Published
- 2026-03-23T21:37:49.083Z
- Modified
- 2026-04-10T05:43:02.391373Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature
- Details
-
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.
- Database specific
{ "cwe_ids": [ "CWE-284" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32299.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32299.json
- https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
- https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
- https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j
- https://nvd.nist.gov/vuln/detail/CVE-2026-32299
Affected packages
Git / github.com/opensource-workshop/connect-cms
Affected ranges
Affected versions
1.*
1.20.0
2.*
2.30.0
v0.*
v0.0.1.20200106
v0.0.1.20200216
v0.0.1.20200302
v0.0.1.20200411
v0.0.1.20200510
v0.0.1.20200603
v0.0.1.20200716
v0.0.1.20200909
v0.0.1.20201008
v0.0.1.20201207
v0.0.1.20210104
v0.0.1.20210301
v0.0.1.20210405
v0.0.1.20211130
v1.*
v1.0.0
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.12.1
v1.12.2
v1.12.3
v1.13.0
v1.13.1
v1.14.0
v1.14.1
v1.14.2
v1.15.0
v1.15.1
v1.15.2
v1.15.3
v1.15.4
v1.16.0
v1.17.0
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.18.0
v1.18.1
v1.18.2
v1.18.3
v1.19.0
v1.19.1
v1.19.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.21.0
v1.22.0
v1.23.0
v1.23.1
v1.23.2
v1.23.3
v1.24.0
v1.25.0
v1.25.1
v1.26.0
v1.26.1
v1.27.0
v1.28.0
v1.29.0
v1.29.1
v1.3.0
v1.3.1
v1.3.2
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.33.1
v1.34.0
v1.35.0
v1.36.0
v1.37.0
v1.38.0
v1.38.1
v1.39.0
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.40.0
v1.41.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.1
v1.7.2
v1.8.0
v1.8.1
v1.8.10
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.8
v1.8.9
v1.9.0
v1.9.1
v1.9.10
v1.9.11
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8
v1.9.9
v2.*
v2.0.0
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.10.0
v2.10.1
v2.10.2
v2.15.0
v2.15.1
v2.15.2
v2.15.3
v2.15.4
v2.16.0
v2.17.0
v2.17.1
v2.17.2
v2.17.3
v2.17.4
v2.18.0
v2.18.1
v2.18.2
v2.18.3
v2.19.0
v2.19.2.1
v2.2.0
v2.2.1
v2.2.2
v2.21.0
v2.22.0
v2.23.0
v2.23.2
v2.23.3
v2.24.0
v2.25.0
v2.25.1
v2.26.0
v2.26.1
v2.27.0
v2.27.0.1
v2.28.0
v2.29.0
v2.29.1
v2.3.0
v2.3.1
v2.3.2
v2.31.0
v2.32.0
v2.33.0
v2.34.0
v2.35.0
v2.36.0
v2.37.0
v2.38.0
v2.38.1
v2.39.0
v2.4.0
v2.4.1
v2.4.10
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.40.0
v2.41.0
v2.5.0
v2.5.1
v2.5.10
v2.5.11
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.8.1
v2.8.2
v2.8.3
v2.9.0
v2.9.1