Security Advisory

CVE-2026-8415

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-05-21 21:29:13

Last updated 2026-05-22 13:10:52

Assigner ConcreteCMS

State PUBLISHED

Description

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Drori (Tenzai) for reporting.

← Browse all CVEs View on cve.org ↗