{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-32299/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-32299","connect-cms","authorization-bypass"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eConnect-CMS, a content management system, is susceptible to an improper authorization vulnerability (CVE-2026-32299) in versions 1.x up to 1.41.0 and 2.x up to 2.41.0. This flaw allows unauthenticated attackers to potentially retrieve non-public information through the page content retrieval feature. The vulnerability stems from a lack of proper access control checks during content retrieval. Patches are available in versions 1.41.1 and 2.41.1, released by the vendor to address this critical…\u003c/p\u003e\n","date_modified":"2026-03-24T12:00:00Z","date_published":"2026-03-24T12:00:00Z","id":"/briefs/2026-03-connect-cms-auth-bypass/","summary":"Connect-CMS versions 1.x up to 1.41.0 and 2.x up to 2.41.0 are vulnerable to improper authorization in the page content retrieval feature, potentially allowing retrieval of non-public information, addressed in versions 1.41.1 and 2.41.1.","title":"Connect-CMS Improper Authorization Vulnerability (CVE-2026-32299)","url":"https://feed.craftedsignal.io/briefs/2026-03-connect-cms-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-32299","version":"https://jsonfeed.org/version/1.1"}