CVE-2026-32279
⚪ For information
Connect-CMS has an SSRF vulnerability in page migration, which may lead to unauthorized access.
CVSS
6.8
EPSS
0.0%
Exploit
none
Vendor
opensource-workshop
Source description (NVD)
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch.
ssrf
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 6.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.0% |
| Published (NVD) | 2026-03-23 22:16:27 UTC |
| Last modified (NVD) | 2026-03-24 20:28:36 UTC |
References
- https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a4239e25782d9e2e88fc63 (security-advisories@github.com) [Patch]
- https://github.com/opensource-workshop/connect-cms/commit/617a874e14b8476da7c0760a06384b9da21bdd4f (security-advisories@github.com) [Patch]
- https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1 (security-advisories@github.com) [Release Notes]
- https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1 (security-advisories@github.com) [Release Notes]
- https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-jh46-85jr-6ph9 (security-advisories@github.com) [Vendor Advisory]