{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32299", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-11T21:16:21.658Z", "datePublished": "2026-03-23T21:37:49.083Z", "dateUpdated": "2026-03-24T15:49:20.800Z"}, "containers": {"cna": {"title": "Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j"}, {"name": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"}, {"name": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"}], "affected": [{"vendor": "opensource-workshop", "product": "connect-cms", "versions": [{"version": "< 1.41.1", "status": "affected"}, {"version": ">= 2.0.0, < 2.41.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-23T21:37:49.083Z"}, "descriptions": [{"lang": "en", "value": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch."}], "source": {"advisory": "GHSA-62ch-j6x7-722j", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T15:48:32.482178Z", "id": "CVE-2026-32299", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:49:20.800Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32299", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T15:48:32.482178Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:49:11.607Z"}}], "cna": {"title": "Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature", "source": {"advisory": "GHSA-62ch-j6x7-722j", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "opensource-workshop", "product": "connect-cms", "versions": [{"status": "affected", "version": "< 1.41.1"}, {"status": "affected", "version": ">= 2.0.0, < 2.41.1"}]}], "references": [{"url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j", "name": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "name": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "name": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-23T21:37:49.083Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32299", "state": "PUBLISHED", "dateUpdated": "2026-03-24T15:49:20.800Z", "dateReserved": "2026-03-11T21:16:21.658Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-23T21:37:49.083Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "60B8BBDF-82BD-486D-AE17-7F59360E62C3", "versionEndExcluding": "1.41.1", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C11B4F0-DF29-473A-A285-9DA152DDCDE1", "versionEndExcluding": "2.41.1", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch."}, {"lang": "es", "value": "Connect-CMS es un sistema de gesti\u00f3n de contenido. En versiones de la serie 1.x hasta e incluyendo 1.41.0 y versiones de la serie 2.x hasta e incluyendo 2.41.0, un problema de autorizaci\u00f3n impropia en la funci\u00f3n de recuperaci\u00f3n de contenido de p\u00e1gina puede permitir la recuperaci\u00f3n de informaci\u00f3n no p\u00fablica. Las versiones 1.41.1 y 2.41.1 contienen un parche."}], "id": "CVE-2026-32299", "lastModified": "2026-03-24T20:38:16.723", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-23T22:16:27.780", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.41.1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.0.0,2.41.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "connect-cms", "source": "cna", "vendor": "opensource-workshop"}, "product": "connect-cms", "vendor": "opensource-workshop"}], "created": "2026-03-24T10:30:12.279385+00:00", "updated": "2026-03-24T10:30:12.279495+00:00", "vendors": ["opensource-workshop", "opensource-workshop$PRODUCT$connect-cms"]}