Known exploited
October CMS
CVE published 2022-01-18
CVE-2021-32648
CVE-2021-32648 is an improper authentication vulnerability affecting October CMS. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2022-01-18, indicating it should be treated as an active risk for exposed deployments. The supplied sources do not include affected version details or a CVSS score, so remediation should follow the vendor’s update guidance and be prioritized immediately.