CVE-2026-32300

CVSS v3.1

8.1

High

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.

Fix

IDOR

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639CWE-285

Related Identifiers

CVE-2026-32300

Affected Products

Connect-Cms

CVE-2026-32300

Weakness Enumeration

Related Identifiers

Affected Products

References · 5