High severity · NVD Advisory · Published Mar 23, 2026 · Updated Mar 25, 2026
Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information
CVE-2026-32300
Description
Connect-CMS is a content management system. In versions of the 1.x series up to and including 1.41.0 and versions of the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| opensource-workshop/connect-cms (Packagist) | < 1.41.1 | 1.41.1 |
| opensource-workshop/connect-cms (Packagist) | >= 2.0.0, < 2.41.1 | 2.41.1 |
Affected products
- opensource-workshop/connect-cms · v5 · Range: < 1.41.1
References
- github.com/advisories/GHSA-qr6x-wvxr-8hm9 (ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-32300 (ADVISORY)
- github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce (WEB)
- github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1 (WEB)
- github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1 (WEB)
- github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9 (WEB)