Connect-CMS Improper Authorization Vulnerability (CVE-2026-32299)
Connect-CMS versions 1.x up to 1.41.0 and 2.x up to 2.41.0 are vulnerable to improper authorization in the page content retrieval feature, which may allow retrieval of non-public information. The issue is addressed in versions 1.41.1 and 2.41.1.
Connect-CMS, a content management system, is susceptible to an improper authorization vulnerability (CVE-2026-32299) in versions 1.x up to 1.41.0 and 2.x up to 2.41.0. This flaw allows unauthenticated attackers to potentially retrieve non-public information through the page content retrieval feature. The vulnerability stems from a lack of proper access control checks during content retrieval. Patches are available in versions 1.41.1 and 2.41.1, released by the vendor to address this critical…
Detection coverage: 2
Detect Connect-CMS Unauthorized Page Access
high: Detects potential unauthorized access to Connect-CMS pages due to CVE-2026-32299. Monitor for suspicious requests to page retrieval endpoints.
Detect Connect-CMS Exploitation Attempt via Request Headers
medium: Detects potential exploitation attempts of Connect-CMS via unusual request headers.
Indicators of compromise: 1