CVE-2026-8412LOWCVSS 0.0

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache

Published May 22, 2026·Updated Jun 24, 2026

Description

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache.

Affected Packages (1)

concrete5/concrete5COMPOSER
From 9.0.0RC1
Fixed in 9.5.1

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free