PT-2026-27232 · Unknown · Connect-Cms

Odgrso

Publicado

2026-03-23

Atualizado

2026-03-24

CVE-2026-32299

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Connect-CMS versions 1.x through 1.41.0 Connect-CMS versions 2.x through 2.41.0

Description An improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Insufficient authorization checks could allow processing associated with non-public pages to be executed, potentially allowing the contents and attachments of non-public pages to be obtained by a third party.

Recommendations For the 1.x series, update to version 1.41.1 or later. For the 2.x series, update to version 2.41.1 or later.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2026-32299

GHSA-62CH-J6X7-722J

Produtos afetados

Connect-Cms

PT-2026-27232 · Unknown · Connect-Cms

CVE-2026-32299

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10