CVE-2026-3452 | Concrete CMS up to 9.4.7 Express Entry List Block unserialize columns deserialization

Inserito da Angelo Barbosa | Mar 4, 2026 | CVE

A vulnerability, which was classified as problematic, has been found in Concrete CMS up to 9.4.7. This vulnerability affects the function unserialize of the component Express Entry List Block Handler. Performing a manipulation of the argument columns results in deserialization.

This vulnerability is known as CVE-2026-3452. Remote exploitation of the attack is possible. No exploit is available.

It is advisable to upgrade the affected component.

CVE-2026-3452 | Concrete CMS up to 9.4.7 Express Entry List Block unserialize columns deserialization

Post correlati

CVE-2024-11411 | Spotlightr Plugin up to 0.1.9 on WordPress cross site scripting

CVE-2025-52815 | AncoraThemes CityGov Plugin up to 1.9 on WordPress filename control

CVE-2024-20724 | Adobe Substance 3D Painter up to 9.1.1 out-of-bounds (apsb24-04)

CVE-2023-31036 | NVIDIA Triton Inference Server prior 2.40 on Linux/Windows Model Load API path traversal