CVE-2026-32276 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: March 23, 2026
Connect-CMS - Remote Code Execution
Overview
Connect-CMS 1.x <= 1.41.0 and 2.x <= 2.41.0 contain a remote code execution caused by improper validation in the Code Study Plugin, letting authenticated users execute arbitrary code.
Severity & Score
Impact
Authenticated users can execute arbitrary code, potentially leading to full system compromise.
Mitigation
Update to versions 1.41.1 or 2.41.1 or later.
References
- https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85
- https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
- https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
- https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv
Social Media Activity(2 posts)
š CVE-2026-32276 - High (8.8) Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. V... š https://www.thehackerwire.com/vulnerability/CVE-2026-32276/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-32276 - High (8.8) Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. V... š https://www.thehackerwire.com/vulnerability/CVE-2026-32276/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-32276
- Severity
- High
- CVSS Score
- 8.8
- Type
- undefined
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-94
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H