What is CVE-2026-32299?

CVE-2026-32299 is a high-severity vulnerability in Opensource-workshop Connect-cms, classified under Improper Access Control. CVSS score: 7.5/10. Published 2026-03-23.

How severe is CVE-2026-32299?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Opensource-workshop Connect-cms

CVE-2026-32299

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow…

EPSS: 0.000 (15.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Opensource-workshop Connect-cms — versions < 1.41.1, >= 2.0.0, < 2.41.1

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j (x_refsource_CONFIRM)
https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1 (x_refsource_MISC)
https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-32299?: CVE-2026-32299 is a high-severity vulnerability in Opensource-workshop Connect-cms, classified under Improper Access Control. CVSS score: 7.5/10. Published 2026-03-23.
How severe is CVE-2026-32299?: High severity. CVSS v3 base score is 7.5 out of 10.