{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32276", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-11T15:05:48.400Z", "datePublished": "2026-03-23T21:06:32.607Z", "dateUpdated": "2026-03-24T15:13:12.123Z"}, "containers": {"cna": {"title": "Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv"}, {"name": "https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85", "tags": ["x_refsource_MISC"], "url": "https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85"}, {"name": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"}, {"name": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"}], "affected": [{"vendor": "opensource-workshop", "product": "connect-cms", "versions": [{"version": "< 1.41.1", "status": "affected"}, {"version": ">= 2.0.0, < 2.41.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-23T21:21:25.766Z"}, "descriptions": [{"lang": "en", "value": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch."}], "source": {"advisory": "GHSA-hxqw-6qv7-cqfv", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:30:13.883620Z", "id": "CVE-2026-32276", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:13:12.123Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32276", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T14:30:13.883620Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:30:18.387Z"}}], "cna": {"title": "Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin", "source": {"advisory": "GHSA-hxqw-6qv7-cqfv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "opensource-workshop", "product": "connect-cms", "versions": [{"status": "affected", "version": "< 1.41.1"}, {"status": "affected", "version": ">= 2.0.0, < 2.41.1"}]}], "references": [{"url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv", "name": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85", "name": "https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "name": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "name": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-23T21:21:25.766Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32276", "state": "PUBLISHED", "dateUpdated": "2026-03-24T15:13:12.123Z", "dateReserved": "2026-03-11T15:05:48.400Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-23T21:06:32.607Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "60B8BBDF-82BD-486D-AE17-7F59360E62C3", "versionEndExcluding": "1.41.1", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C11B4F0-DF29-473A-A285-9DA152DDCDE1", "versionEndExcluding": "2.41.1", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch."}, {"lang": "es", "value": "Connect-CMS es un sistema de gesti\u00f3n de contenido. En versiones de la serie 1.x hasta la 1.41.0 inclusive y versiones de la serie 2.x hasta la 2.41.0 inclusive, un usuario autenticado podr\u00eda ejecutar c\u00f3digo arbitrario en el plugin Code Study. Las versiones 1.41.1 y 2.41.1 contienen un parche."}], "id": "CVE-2026-32276", "lastModified": "2026-03-24T19:58:16.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-23T22:16:27.050", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.41.1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.0.0,2.41.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "connect-cms", "source": "cna", "vendor": "opensource-workshop"}, "product": "connect-cms", "vendor": "opensource-workshop"}], "analysis": {"en": {"generated_at": "2026-03-24T21:55:35.484530+00:00", "value": {"mitigation_remediation": ["Upgrade Connect\u2011CMS to v1.41.1 or v2.41.1", "Verify that the Code Study Plugin is updated and no legacy files remain", "Disable or uninstall the Code Study Plugin if it is not required", "Revoke or limit authentication accounts that no longer need access"], "summary": {"action": "Immediate Patch", "impact": "Arbitrary Code Execution"}, "threat_synthesis": {"affected_systems": "OpenSource Workshop Connect\u2011CMS versions 1.0 through 1.41.0 and 2.0 through 2.41.0 are affected. The Code Study Plugin contains the vulnerable code. Versions 1.41.1 and 2.41.1 contain the fix that removes the exploit path.", "description_and_impact": "The vulnerability allows authenticated users to inject and execute arbitrary PHP code through the Code Study Plugin. An attacker can compromise the integrity, confidentiality, and availability of the entire CMS installation. The flaw is a code injection weakness as described by CWE\u201194.", "risk_and_exploitability": "The CVSS score of 8.8 classifies the weakness as high severity, while the EPSS <\u20091% suggests current exploit prevalence is low and it is not listed in the KEV catalog. Exploitation requires an authenticated session, after which an attacker can place and run arbitrary code, fully compromising the affected server. The risk remains high for installations that enable the plugin and allow authenticated write access."}}}}, "created": "2026-03-24T10:32:41.129157+00:00", "updated": "2026-03-25T20:36:29.284005+00:00", "vendors": ["opensource-workshop", "opensource-workshop$PRODUCT$connect-cms"]}