CVE-2026-32300

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Connect-CMS versions 1.x through 1.41.0 Connect-CMS versions 2.x through 2.41.0

Description Connect-CMS is a content management system. An improper authorization issue exists in the My Page profile update feature, potentially allowing modification of arbitrary user information. Exploitation requires an attacker to access the affected functionality as an authenticated user, which could lead to account takeover.

Recommendations For the 1.x series, update to version 1.41.1 or later. For the 2.x series, update to version 2.41.1 or later.

Exploit

Fix

Improper Authorization

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-639

Related Identifiers

CVE-2026-32300

GHSA-QR6X-WVXR-8HM9

Affected Products

Connect-Cms

CVE-2026-32300

Weakness Enumeration

Related Identifiers

Affected Products

References · 12