CVE Catalog

CVE-2026-8433

High
Published: Translated: NVD NIST

Summary

Concrete CMS version 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) in the rescan() function of the backend file controller.

Risk Assessment

Exploitation of this vulnerability may lead to unauthorized actions being performed on behalf of the user, jeopardizing system integrity.

Recommendation

It is recommended to update Concrete CMS to version 9.5.0 or later to mitigate this vulnerability.

Original NVD description (English source)

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Drori (Tenzai) for reporting.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS