CVE-2026-8416 | Concrete CMS up to 9.4.x file ID cross-site request forgery

A vulnerability was found in Concrete CMS CMS up to 9.4.x. It has been declared as problematic. The affected element is an unknown function of the file concrete/controllers/backend/file. Executing a manipulation of the argument ID can lead to cross-site request forgery.

This vulnerability is registered as CVE-2026-8416. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More