CVE-2026-2994 | Concrete CMS up to 9.4.7 Configuration group_id cross-site request forgery (EUVD-2026-9357)

A vulnerability labeled as problematic has been found in Concrete CMS up to 9.4.7. The impacted element is an unknown function of the component Configuration Handler. Executing a manipulation of the argument group_id can lead to cross-site request forgery.

This vulnerability is tracked as CVE-2026-2994. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More