CVE-2026-32300 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: March 24, 2026
Connect-CMS - Broken Access Control
Overview
Connect-CMS 1.x <= 1.41.0 and 2.x <= 2.41.0 contain an improper authorization vulnerability in the My Page profile update feature, letting attackers modify arbitrary user information, exploit requires user authentication.
Severity & Score
Impact
Attackers can modify arbitrary user information, potentially leading to privilege escalation or data tampering.
Mitigation
Upgrade to versions 1.41.1 or 2.41.1 or later.
References
- https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
- https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9
- https://github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce
- https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
Social Media Activity(1 post)
š CVE-2026-32300 - High (8.1) Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modific... š https://www.thehackerwire.com/vulnerability/CVE-2026-32300/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-32300
- Severity
- High
- CVSS Score
- 8.1
- Type
- broken_access_control
- Status
- confirmed
- EPSS
- 2.9%
- Social Posts
- 1
CWE
- CWE-285
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N