CVE-2026-8409

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.0

Description Cross Site Request Forgery (CSRF) occurs at the 'concrete/controllers/dialog/logs/delete' endpoint. CSRF is a type of attack that tricks a victim into submitting a malicious request. It is not specified how many devices are affected or if there are real-world incidents.

Recommendations Update to version 9.5.0 or later.