CVE-2026-8411LOWCVSS 0.0

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete

Published May 22, 2026·Updated Jun 24, 2026

Description

Concrete CMS 9 through 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete.

concrete5/concrete5COMPOSER

From 9.0.0RC1

Fixed in 9.5.1

Get alerted for CVEs like this