CVE Catalog

CVE-2026-8413

High
Published: Translated: NVD NIST

Summary

Concrete CMS version 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) in the concrete/controllers/dialog/page/bulk/design module.

Risk Assessment

An attacker could exploit this vulnerability to perform unauthorized actions on behalf of the user, potentially leading to unwanted changes in the system.

Recommendation

It is recommended to upgrade Concrete CMS to version 9.5.0 or later to mitigate this vulnerability.

Original NVD description (English source)

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Drori (Tenzai) for reporting.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS