CVE-2026-8421 | Concrete CMS up to 9.5.0 Installation install.php install_package cross-site request forgery
A vulnerability classified as problematic has been found in Concrete CMS up to 9.5.0. It affects the function install_package in the file concrete/controllers/single_page/dashboard/extend/install.php of the component Installation Handler. Manipulation leads to cross-site request forgery.
This vulnerability is cataloged as CVE-2026-8421. The attack can be initiated remotely. There is no exploit available.