CVE-2026-32279: CWE-918: Server-Side Request Forgery (SSRF) in opensource-workshop connect-cms
CVE-2026-32279 is a Server-Side Request Forgery (SSRF) vulnerability affecting Connect-CMS, a content management system, specifically in the external page migration feature of its Page Management Plugin. This vulnerability exists in versions prior to 1.41.1 on the 1.x series and versions from 2.0.0 up to 2.41.0 on the 2.x series.
AI Analysis
Technical Summary
CVE-2026-32279 identifies a Server-Side Request Forgery (SSRF) vulnerability in Connect-CMS, an open-source content management system widely used for website and content management. The vulnerability resides in the external page migration feature of the Page Management Plugin, which improperly validates or restricts URLs that the server fetches during migration operations. This flaw allows an authenticated attacker with high privileges to craft requests that cause the server to initiate HTTP requests to arbitrary destinations, including internal or protected network resources that are otherwise inaccessible externally. The vulnerability affects Connect-CMS versions prior to 1.41.1 in the 1.x series and versions from 2.0.0 up to 2.41.0 in the 2.x series. The SSRF can lead to unauthorized disclosure of sensitive information from internal systems, as the attacker can leverage the server as a proxy to access internal services, metadata endpoints, or other restricted resources. The CVSS 3.1 base score of 6.8 reflects a medium severity rating, with the vector indicating network attack vector, low attack complexity, requirement for high privileges, no user interaction, and a scope change with high confidentiality impact but no impact on integrity or availability. No public exploits have been reported yet, but the presence of a patch in versions 1.41.1 and 2.41.1 underscores the importance of timely updates. The vulnerability is categorized under CWE-918, which covers SSRF issues that can lead to information disclosure or further attacks within internal networks.
Potential Impact
The primary impact of CVE-2026-32279 is the potential unauthorized disclosure of sensitive internal information due to SSRF exploitation. Attackers with authenticated high privileges can coerce the Connect-CMS server to send crafted HTTP requests to internal systems, potentially accessing internal APIs, metadata services, or other protected resources that are not exposed externally. This can lead to leakage of confidential data, including credentials, configuration details, or internal network topology. While the vulnerability does not directly affect data integrity or system availability, the information gained can facilitate further attacks such as lateral movement, privilege escalation, or targeted intrusions. Organizations using affected versions of Connect-CMS in environments with sensitive internal infrastructure or cloud metadata endpoints are at higher risk. The requirement for authenticated high privileges limits exploitation to insiders or compromised accounts, but the risk remains significant in environments where privilege management is weak. The absence of known exploits in the wild suggests limited current exploitation but does not preclude future attacks, especially as the vulnerability becomes more widely known.
Mitigation Recommendations
To mitigate CVE-2026-32279, organizations should immediately upgrade Connect-CMS installations to versions 1.41.1 or 2.41.1 or later, where the SSRF vulnerability has been patched. In addition to patching, administrators should review and restrict access to the Page Management Plugin’s external page migration feature, limiting its use to trusted administrators only. Implement strict network segmentation and firewall rules to prevent the Connect-CMS server from making unauthorized outbound requests to internal or sensitive network segments. Employ web application firewalls (WAFs) with SSRF detection capabilities to monitor and block suspicious outbound requests originating from the CMS server. Conduct regular audits of user privileges to ensure that only necessary users have high-level access, reducing the risk of insider exploitation. Monitoring logs for unusual server-side request patterns can help detect attempted SSRF exploitation. Finally, consider disabling or restricting the external page migration feature if it is not essential to operational workflows, thereby reducing the attack surface.
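A destination check of the kind these recommendations call for, written here as an added example: it is not Connect-CMS code and not the project's patch. The function names, the constructed DNS map and the sample hosts are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed name-to-address map so the example runs offline (not real DNS data).
CONSTRUCTED_DNS = {
    "www.example.org": {"93.184.216.34"},
    "intranet.example.test": {"10.0.5.12"},
    "mixed.example.test": {"93.184.216.34", "127.0.0.1"},
}

def constructed_resolver(host):
    if host not in CONSTRUCTED_DNS:
        raise OSError("unknown host")  # behaves like a failed lookup
    return CONSTRUCTED_DNS[host]

def system_resolver(host):
    """Every address the operating system resolves the host to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_public(address):
    """True only for globally routable addresses (IPv4-mapped IPv6 is unwrapped)."""
    ip = ipaddress.ip_address(address.split("%")[0])  # drop any IPv6 zone id
    ip = getattr(ip, "ipv4_mapped", None) or ip
    return ip.is_global

def check_destination(url, resolver=system_resolver):
    """Return (allowed, reason) for a URL the server is about to fetch."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        addresses = {str(ipaddress.ip_address(host))}  # literal IP in the URL
    except ValueError:
        try:
            addresses = set(resolver(host))
        except OSError:
            return False, "host does not resolve"
    if not addresses:
        return False, "host does not resolve"
    blocked = sorted(a for a in addresses if not is_public(a))
    if blocked:
        return False, "non-public address: " + ", ".join(blocked)
    return True, "ok"
```

A check like this only holds if the fetch then connects to the address that was validated and the check is repeated for every redirect; network-level egress rules remain the backstop.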
Affected Countries
United States, Japan, Germany, United Kingdom, France, Australia, Canada, Netherlands, South Korea, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-11T15:05:48.401Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69c1b815f4197a8e3b932262
Added to database: 3/23/2026, 10:00:53 PM
Last enriched: 3/23/2026, 10:16:33 PM
Last updated: 3/23/2026, 11:10:20 PM