CVE-2026-8435 | Concrete CMS up to 9.4.x file approveVersion cross-site request forgery

Inserito da Angelo Barbosa | Mag 22, 2026 | CVE

A vulnerability marked as problematic has been reported in Concrete CMS CMS up to 9.4.x. Affected by this vulnerability is the function approveVersion of the file concrete/controllers/backend/file. Performing a manipulation results in cross-site request forgery.

This vulnerability is known as CVE-2026-8435. Remote exploitation of the attack is possible. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-8435 | Concrete CMS up to 9.4.x file approveVersion cross-site request forgery

Post correlati

CVE-2024-9934 | Wp-ImageZoom Plugin up to 1.1.0 on WordPress cross site scripting

CVE-2023-50740 | Apache Linkis DataSource up to 1.4.x log file

CVE-2025-11737 | VK All in One Expansion Unit Plugin up to 9.112.3 on WordPress SNS Title vkExUnit_sns_title cross site scripting

CVE-2024-47520 | Arista Edge Threat Management up to 17.1.1 Report improper isolation or compartmentalization