CVE-2026-8433 | Concrete CMS up to 9.4.x file rescan cross-site request forgery

A vulnerability categorized as problematic has been discovered in Concrete CMS up to 9.4.x. This affects the function rescan of the file concrete/controllers/backend/file. The manipulation results in cross-site request forgery.

This vulnerability is reported as CVE-2026-8433. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More