CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-8434

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Drori (Tenzai) for reporting.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.4%

CVSS Severity

CVSS v3 Score 8.8

References

https://documentation.concretecms.org/9-x/developers/introduction/version-history/951-release-notes

Products affected by CVE-2026-8434

Concretecms » Concrete Cms » Version: 9.0.0

cpe:2.3:a:concretecms:concrete_cms:9.0.0
Concretecms » Concrete Cms » Version: 9.0.1

cpe:2.3:a:concretecms:concrete_cms:9.0.1
Concretecms » Concrete Cms » Version: 9.0.2

cpe:2.3:a:concretecms:concrete_cms:9.0.2
Concretecms » Concrete Cms » Version: 9.1.0

cpe:2.3:a:concretecms:concrete_cms:9.1.0
Concretecms » Concrete Cms » Version: 9.1.1

cpe:2.3:a:concretecms:concrete_cms:9.1.1
Concretecms » Concrete Cms » Version: 9.1.2

cpe:2.3:a:concretecms:concrete_cms:9.1.2
Concretecms » Concrete Cms » Version: 9.1.3

cpe:2.3:a:concretecms:concrete_cms:9.1.3
Concretecms » Concrete Cms » Version: 9.2.0

cpe:2.3:a:concretecms:concrete_cms:9.2.0
Concretecms » Concrete Cms » Version: 9.2.1

cpe:2.3:a:concretecms:concrete_cms:9.2.1
Concretecms » Concrete Cms » Version: 9.2.2

cpe:2.3:a:concretecms:concrete_cms:9.2.2
Concretecms » Concrete Cms » Version: 9.2.3

cpe:2.3:a:concretecms:concrete_cms:9.2.3
Concretecms » Concrete Cms » Version: 9.2.4

cpe:2.3:a:concretecms:concrete_cms:9.2.4
Concretecms » Concrete Cms » Version: 9.2.5

cpe:2.3:a:concretecms:concrete_cms:9.2.5
Concretecms » Concrete Cms » Version: 9.2.6

cpe:2.3:a:concretecms:concrete_cms:9.2.6
Concretecms » Concrete Cms » Version: 9.2.7

cpe:2.3:a:concretecms:concrete_cms:9.2.7
Concretecms » Concrete Cms » Version: 9.2.8

cpe:2.3:a:concretecms:concrete_cms:9.2.8
Concretecms » Concrete Cms » Version: 9.2.9

cpe:2.3:a:concretecms:concrete_cms:9.2.9
Concretecms » Concrete Cms » Version: 9.3.0

cpe:2.3:a:concretecms:concrete_cms:9.3.0
Concretecms » Concrete Cms » Version: 9.3.1

cpe:2.3:a:concretecms:concrete_cms:9.3.1
Concretecms » Concrete Cms » Version: 9.3.2

cpe:2.3:a:concretecms:concrete_cms:9.3.2
Concretecms » Concrete Cms » Version: 9.3.3

cpe:2.3:a:concretecms:concrete_cms:9.3.3
Concretecms » Concrete Cms » Version: 9.3.4

cpe:2.3:a:concretecms:concrete_cms:9.3.4
Concretecms » Concrete Cms » Version: 9.3.5

cpe:2.3:a:concretecms:concrete_cms:9.3.5
Concretecms » Concrete Cms » Version: 9.3.6

cpe:2.3:a:concretecms:concrete_cms:9.3.6
Concretecms » Concrete Cms » Version: 9.3.7

cpe:2.3:a:concretecms:concrete_cms:9.3.7
Concretecms » Concrete Cms » Version: 9.3.8

cpe:2.3:a:concretecms:concrete_cms:9.3.8
Concretecms » Concrete Cms » Version: 9.3.9

cpe:2.3:a:concretecms:concrete_cms:9.3.9
Concretecms » Concrete Cms » Version: 9.4.0

cpe:2.3:a:concretecms:concrete_cms:9.4.0
Concretecms » Concrete Cms » Version: 9.4.1

cpe:2.3:a:concretecms:concrete_cms:9.4.1
Concretecms » Concrete Cms » Version: 9.4.2

cpe:2.3:a:concretecms:concrete_cms:9.4.2
Concretecms » Concrete Cms » Version: 9.4.3

cpe:2.3:a:concretecms:concrete_cms:9.4.3
Concretecms » Concrete Cms » Version: 9.4.4

cpe:2.3:a:concretecms:concrete_cms:9.4.4
Concretecms » Concrete Cms » Version: 9.4.5

cpe:2.3:a:concretecms:concrete_cms:9.4.5
Concretecms » Concrete Cms » Version: 9.4.6

cpe:2.3:a:concretecms:concrete_cms:9.4.6
Concretecms » Concrete Cms » Version: 9.4.7

cpe:2.3:a:concretecms:concrete_cms:9.4.7
Concretecms » Concrete Cms » Version: 9.4.8

cpe:2.3:a:concretecms:concrete_cms:9.4.8
Concretecms » Concrete Cms » Version: 9.5.0

cpe:2.3:a:concretecms:concrete_cms:9.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-8434

Products

Pricing

Contact Us