CVE-2026-32300 · HIGH 8.1 · EPSS p22.0%

Description

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.30% probability of exploitation · percentile 22.0% · 2026-06-18T12:00:27Z
Published: 2026-03-23
Last modified: 2026-03-24

Underlying weaknesses · 2

CWE-285, CWE-639

References

  1. https://github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce
  2. https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
  3. https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
  4. https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Authorization (cwe-285) | 0% | live |
| Weakness | Authorization Bypass Through User-Controlled Key (cwe-639) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-32276
  2. CVE: CVE-2026-32277
  3. CVE: CVE-2025-57130
  4. CVE: October CMS Improper Authentication
  5. CVE: CVE-2026-29204
  6. CVE: CVE-2025-3101

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.