EUVD-2026-14576
GHSA-qr6x-wvxr-8hm9
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4Description
# Security Advisory - My Page Profile Update (Improper Authorization) ## Summary An improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. ## Affected Versions - 1.x series: <= 1.41.0 - 2.x series: <= 2.41.0 ## Patched Versions - 1.41.1 - 2.41.1 ## Description In part of the My Page profile update feature, another user's profile information or password could be modified. If exploited, arbitrary user accounts may be taken over. Exploitation requires that the attacker be able to reach the affected functionality as an authenticated user. Users affected by this vulnerability should update to a fixed version. ## Solution Update to the fixed version. For the 1.x series, update to 1.41.1 or later. For the 2.x series, update to 2.41.1 or later. ## Credits OpenSource WorkShops thanks **Sho Odagiri** (小田切 祥) of **GMO Cybersecurity by Ierae, Inc.** for reporting this vulnerability.
Analysis
Improper authorization in the My Page profile update feature allows authenticated attackers to modify arbitrary user profiles and passwords, potentially leading to account takeover. Affected versions include 1.x through 1.41.0 and 2.x through 2.41.0; patches are available in versions 1.41.1 and 2.41.1. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Connect CMS instances and confirm installed versions against affected versions (1.x-1.41.0, 2.x-2.41.0). Within 7 days: Apply patches to versions 1.41.1 or 2.41.1 across all instances, beginning with production environments. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today