CVE-2026-8417 | Concrete CMS up to 9.5.0 do_update cross-site request forgery

Inserito da Angelo Barbosa | Mag 21, 2026 | CVE

A vulnerability classified as problematic has been found in Concrete CMS up to 9.5.0. This impacts the function do_update of the file /dashboard/extend/update/do_update/. This manipulation causes cross-site request forgery.

This vulnerability is tracked as CVE-2026-8417. The attack is possible to be carried out remotely. No exploit exists.

CVE-2026-8417 | Concrete CMS up to 9.5.0 do_update cross-site request forgery

Post correlati

CVE-2024-6626 | EleForms Plugin up to 2.9.9.9 on WordPress authorization

CVE-2024-24966 | F5 F5OS LDAP Remote Authentication authorization (K000133111)

VDB-285146 | Google Cloud Vertex AI Workbench server-side request forgery

CVE-2025-43536 | WebKitGTK/WPE WebKit up to 2.50.3 Web use after free