CVE-2026-8415 | Concrete CMS up to 9.4.x reorder cross-site request forgery

A vulnerability was found in Concrete CMS up to 9.4.x. It has been classified as problematic. Impacted is an unknown function of the file concrete/controllers/dialog/express/association/reorder. Performing a manipulation results in cross-site request forgery.

This vulnerability is cataloged as CVE-2026-8415. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More