[HIGH] Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin

PKSA-41bx-mcct-sk3j CVE-2026-32276 GHSA-hxqw-6qv7-cqfv

Affected package: opensource-workshop/connect-cms

Affected version: >=2.0.0,<2.41.1|<1.41.1

Reported by:
GitHub