CVE-2026-8434 | Concrete CMS up to 9.4.x file rescanMultiple cross-site request forgery

Inserito da Angelo Barbosa | Mag 22, 2026 | CVE

A vulnerability labeled as problematic has been found in Concrete CMS up to 9.4.x. Affected is the function rescanMultiple of the file concrete/controllers/backend/file. Such manipulation leads to cross-site request forgery.

This vulnerability is traded as CVE-2026-8434. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.

CVE-2026-8434 | Concrete CMS up to 9.4.x file rescanMultiple cross-site request forgery

Post correlati

CVE-2026-5320 | vanna-ai vanna up to 2.0.2 Chat API Endpoint /api/vanna/v2/ missing authentication

CVE-2024-2267 | keerti1924 Online-Book-Store-Website 1.0 /shop.php product_price logic error

CVE-2021-46914 | Linux Kernel up to 5.10.31/5.11/5.11.15 ixgbe pci_disable_device denial of service (be07581aacae/f1b4be4a753c/debb9df31158)

CVE-2024-33528 | ILIAS up to 7.29/8.10 XML File Upload cross site scripting