What is CVE-2026-32276?

CVE-2026-32276 is a high-severity vulnerability in Opensource-workshop Connect-cms, classified under Code Injection. CVSS score: 8.8/10. Published 2026-03-23.

How severe is CVE-2026-32276?

High severity. CVSS v3 base score is 8.8 out of 10.

RCE in Opensource-workshop Connect-cms

CVE-2026-32276

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study P…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.001 (27.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Opensource-workshop Connect-cms — versions < 1.41.1, >= 2.0.0, < 2.41.1

Weakness classification (CWE)

CWE-94 — Code Injection

References

https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv (x_refsource_CONFIRM)
https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85 (x_refsource_MISC)
https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1 (x_refsource_MISC)
https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-32276?: CVE-2026-32276 is a high-severity vulnerability in Opensource-workshop Connect-cms, classified under Code Injection. CVSS score: 8.8/10. Published 2026-03-23.
How severe is CVE-2026-32276?: High severity. CVSS v3 base score is 8.8 out of 10.