CVE-2026-8434 | Concrete CMS up to 9.4.x file rescanMultiple cross-site request forgery

Inserito da Angelo Barbosa | Mag 22, 2026 | CVE

A vulnerability labeled as problematic has been found in Concrete CMS up to 9.4.x. Affected is the function rescanMultiple of the file concrete/controllers/backend/file. Such manipulation leads to cross-site request forgery.

This vulnerability is traded as CVE-2026-8434. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.

CVE-2026-8434 | Concrete CMS up to 9.4.x file rescanMultiple cross-site request forgery

Post correlati

CVE-2023-30968 | Palantir Gotham Gaia cross site scripting

CVE-2024-26812 | Linux Kernel up to 6.1.83/6.6.23/6.7.11/6.8.2 INTx eventfd_signal Privilege Escalation

CVE-2024-13320 | villatheme CURCY Plugin up to 2.3.6 on WordPress wc_filter_price_meta[where] sql injection

CVE-2025-6243 | Ruckus Virtual SmartZone/Network Director SSH Public Key hard-coded key