How to fix EUVD-2026-14570?

Q: How to fix EUVD-2026-14570?

Within 24 hours: Inventory all Connect-CMS instances and identify those running affected versions; disable or restrict access to the Form Plugin file field component if immediate patching is not possible. Within 7 days: Apply vendor patch to all affected Connect-CMS installations and conduct form data validation to detect potential injected payloads. Within 30 days: Complete security testing of all patched systems, review administrator activity logs for suspicious behavior during the vulnerability window, and conduct awareness training on stored XSS risks.

EUVD-2026-14570

| CVE-2026-32278 HIGH

2026-03-23 https://github.com/opensource-workshop/connect-cms

GHSA-mv3p-7p89-wq9p

8.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 23, 2026 - 20:45 vuln.today

EUVD ID Assigned

Mar 23, 2026 - 20:45 euvd

EUVD-2026-14570

Patch Released

Mar 23, 2026 - 20:45 nvd

Patch available

CVE Published

Mar 23, 2026 - 20:36 nvd

HIGH 8.2

Description

# Security Advisory - Form Plugin (Stored XSS) ## Summary A Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. ## Affected Versions - 1.x series: <= 1.41.0 - 2.x series: <= 2.41.0 ## Patched Versions - 1.41.1 - 2.41.1 ## Description In the file field of the Form Plugin, Stored Cross-site Scripting (XSS) could occur. If exploited, arbitrary script could run in an administrator's browser, which may lead to unauthorized actions or information theft. Users affected by this vulnerability should update to a fixed version. ## Solution Update to the fixed version. For the 1.x series, update to 1.41.1 or later. For the 2.x series, update to 2.41.1 or later. ## Credits OpenSource WorkShop thanks **Sho Odagiri** (小田切祥) of **GMO Cybersecurity by Ierae, Inc.** for reporting this vulnerability.

Analysis

A Stored Cross-Site Scripting (XSS) vulnerability exists in the file field component of the Form Plugin within Connect-CMS. The vulnerability affects Connect-CMS versions 1.41.0 and earlier in the 1.x series, and versions 2.41.0 and earlier in the 2.x series. …

Remediation

Within 24 hours: Inventory all Connect-CMS instances and identify those running affected versions; disable or restrict access to the Form Plugin file field component if immediate patching is not possible. Within 7 days: Apply vendor patch to all affected Connect-CMS installations and conduct form data validation to detect potential injected payloads. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +41

POC: 0

EUVD-2026-14570 vulnerability details – vuln.today

Back

EUVD-2026-14570

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-14570

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code