CVE-2026-8411 | Concrete CMS up to 9.4.x delete cross-site request forgery

A vulnerability classified as problematic has been found in Concrete CMS up to 9.4.x. The impacted element is an unknown function of the file concrete/controllers/dialog/page/bulk/delete. This manipulation causes cross-site request forgery.

The identification of this vulnerability is CVE-2026-8411. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More