CVE-2026-8410
HighSummary
Concrete CMS version 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) in the log deletion module. This vulnerability has been rated by the Concrete CMS security team as 2.3 on the CVSS v.4.0 scale.
Risk Assessment
A CSRF attack could allow unauthorized actions on behalf of a logged-in user, potentially leading to data loss or unauthorized changes in the system.
Recommendation
It is recommended to update Concrete CMS to version 9.5.0 or later to mitigate this vulnerability.
Original NVD description (English source)
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete. The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Drori (Tenzai) for reporting.

