CVE-2026-8427LOWCVSS 0.0

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id)

Published May 22, 2026·Updated Jun 24, 2026

Description

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id).

Affected Packages (1)

concrete5/concrete5COMPOSER
From 9.0.0RC1
Fixed in 9.5.1

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free