CVE-2026-8135 | Concrete CMS up to 9.5.0 REST API json_decode deserialization

Inserito da Angelo Barbosa | Mag 21, 2026 | CVE

A vulnerability marked as problematic has been reported in Concrete CMS up to 9.5.0. The impacted element is the function json_decode of the component REST API. The manipulation leads to deserialization.

This vulnerability is referenced as CVE-2026-8135. Remote exploitation of the attack is possible. No exploit is available.

CVE-2026-8135 | Concrete CMS up to 9.5.0 REST API json_decode deserialization

Post correlati

CVE-2024-20374 | Cisco Secure Firewall Management Center Software command injection (cisco-sa-fmc-cmd-inj-2HBkA97G)

CVE-2024-6808 | itsourcecode Simple Task List 1.0 signUp.php insertUserRecord username sql injection

CVE-2025-6151 | TP-Link TL-WR940N V4 WanSlaacCfgRpm.htm dnsserver1 buffer overflow

CVE-2026-6662 | ericc-ch copilot-api up to 0.7.0 Token Endpoint src/server.ts cors cross-domain policy