CVE-2026-8410 | Concrete CMS up to 9.4.x delete cross-site request forgery

A vulnerability described as problematic has been identified in Concrete CMS up to 9.4.x. The affected element is an unknown function of the file concrete/controllers/dialog/logs/bulk/delete. The manipulation results in cross-site request forgery.

This vulnerability was named CVE-2026-8410. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More