CVE-2026-32276

Summary

Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin

Severity

high

EPSS

0.5% (p37)

Also known as

GHSA-hxqw-6qv7-cqfv

Published

2026-03-23

References

• https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv
• https://nvd.nist.gov/vuln/detail/CVE-2026-32276
• https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85

Related advisories

• CVE-2026-32300 — high · Packagist/opensource-workshop/connect-cms
• CVE-2026-32299 — high · Packagist/opensource-workshop/connect-cms
• CVE-2026-32278 — high · Packagist/opensource-workshop/connect-cms
• CVE-2026-32277 — high · Packagist/opensource-workshop/connect-cms
• GHSA-2237-5r9w-vm8j — high · Packagist/opensource-workshop/connect-cms
• CVE-2026-32279 — medium · Packagist/opensource-workshop/connect-cms
• GHSA-5rjc-jc28-cwgg — medium · Packagist/opensource-workshop/connect-cms

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity