High severityNVD Advisory· Published Mar 23, 2026· Updated Mar 24, 2026
Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature
CVE-2026-32299
Description
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
opensource-workshop/connect-cmsPackagist | < 1.41.1 | 1.41.1 |
opensource-workshop/connect-cmsPackagist | >= 2.0.0, < 2.41.1 | 2.41.1 |
Affected products
2- opensource-workshop/connect-cmsv5Range: < 1.41.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-62ch-j6x7-722jghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-32299ghsaADVISORY
- github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1ghsax_refsource_MISCWEB
- github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1ghsax_refsource_MISCWEB
- github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722jghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.