CVE Catalog

CVE-2026-8409

High
Published: Translated: NVD NIST

Summary

Concrete CMS version 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) in the log deletion module. This vulnerability has been rated by the Concrete CMS security team with a CVSS v.4.0 score of 2.3.

Risk Assessment

A CSRF attack could allow an attacker to perform unauthorized actions on behalf of a logged-in user, potentially leading to data loss or system integrity breaches.

Recommendation

It is recommended to upgrade Concrete CMS to version 9.5.0 or later to mitigate this vulnerability. Additionally, implementing CSRF protection mechanisms is advisable.

Original NVD description (English source)

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete.  The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Drori (Tenzai) for reporting.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS