CVE-2026-32300
Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information
CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
8th
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.
| CWE | CWE-285 CWE-639 |
| Vendor | opensource-workshop |
| Product | connect-cms |
| Published | Mar 23, 2026 |
| Last Updated | Mar 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for opensource-workshop connect-cms
Be the first to know when new high vulnerabilities affecting opensource-workshop connect-cms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Affected Versions
opensource-workshop / connect-cms
< 1.41.1 >= 2.0.0, < 2.41.1
References
github.com: https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9 github.com: https://github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce github.com: https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1 github.com: https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1