https://feed.craftedsignal.io/tags/cve-2026-32299/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 24 Mar 2026 12:00:00 +0000https://feed.craftedsignal.io/briefs/2026-03-connect-cms-auth-bypass/Tue, 24 Mar 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-connect-cms-auth-bypass/Connect-CMS versions 1.x up to 1.41.0 and 2.x up to 2.41.0 are vulnerable to improper authorization in the page content retrieval feature, potentially allowing retrieval of non-public information, addressed in versions 1.41.1 and 2.41.1.<p>Connect-CMS, a content management system, is susceptible to an improper authorization vulnerability (CVE-2026-32299) in versions 1.x up to 1.41.0 and 2.x up to 2.41.0. This flaw allows unauthenticated attackers to potentially retrieve non-public information through the page content retrieval feature. The vulnerability stems from a lack of proper access control checks during content retrieval. Patches are available in versions 1.41.1 and 2.41.1, released by the vendor to address this critical…</p> highadvisorycve-2026-32299connect-cmsauthorization-bypass