CVE-2026-32299 is an improper access control vulnerability classified under CWE-284 affecting Connect-CMS, a widely used open-source content management system. The vulnerability exists in the page content retrieval functionality, where insufficient authorization checks allow unauthenticated remote attackers to access non-public information stored within the CMS. This flaw affects all 1.x versions up to 1.41.0 and 2.x versions up to 2.41.0. The vulnerability does not require any privileges or user interaction, making it remotely exploitable over the network. The CVSS v3.1 base score is 7.5, reflecting a high impact on confidentiality (complete exposure of sensitive content) but no impact on integrity or availability. The vulnerability was publicly disclosed on March 23, 2026, with patches released in versions 1.41.1 and 2.41.1 that properly enforce authorization checks during content retrieval. No known exploits have been reported in the wild, but the ease of exploitation and the sensitivity of exposed data make this a critical patch for affected organizations. The flaw could lead to unauthorized disclosure of sensitive business or personal information managed within Connect-CMS, potentially resulting in data breaches or compliance violations.

The primary impact of CVE-2026-32299 is unauthorized disclosure of sensitive or confidential information stored in Connect-CMS installations. Organizations using vulnerable versions risk exposure of private content, which could include internal documents, user data, or proprietary information. This can lead to reputational damage, regulatory penalties (especially under data protection laws like GDPR or HIPAA), and loss of customer trust. Since the vulnerability does not affect integrity or availability, attackers cannot modify or disrupt content but can silently extract data. The ease of exploitation without authentication or user interaction increases the risk of automated scanning and mass data harvesting by threat actors. Enterprises, government agencies, and educational institutions using Connect-CMS for sensitive content management are particularly at risk. The lack of known exploits in the wild currently reduces immediate threat but does not eliminate the risk of future attacks once exploit code becomes publicly available.

1. Immediately upgrade Connect-CMS installations to version 1.41.1 or 2.41.1 or later, where the vulnerability is patched. 2. Until patching is possible, restrict network access to the CMS page content retrieval endpoints using firewall rules or network segmentation to limit exposure. 3. Conduct a thorough audit of access control configurations within Connect-CMS to ensure no other endpoints allow unauthorized data access. 4. Implement web application firewalls (WAFs) with rules to detect and block anomalous requests targeting content retrieval features. 5. Monitor logs for unusual access patterns or repeated requests to non-public content pages, which may indicate exploitation attempts. 6. Educate administrators and developers on secure authorization practices to prevent similar flaws in custom CMS extensions or plugins. 7. Review and enhance overall CMS security posture, including regular vulnerability scanning and penetration testing focused on access control mechanisms.