NVD HIGH: CVE-2026-8434 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) a...

Thursday, May 21, 2026 at 10:16 PM UTC·Source: NIST NVD

Updated: Wednesday, May 27, 2026 at 02:00 PM UTC

Executive Summary

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Drori (Tenzai) for reporting.

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-8434

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 21, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Franklin Templeton and MoonPay bid to expand institutional access to tokenised funds

Franklin Templeton and MoonPay today announced a strategic partnership to make tokenized financial products more accessible and usable across the onchain financial ecosystem.

Just nowFinextra

MEDIUMVulnerabilityNEW

Investing app Plynk revamps app

Plynk, the award-winning investing app designed to uncomplicate the investing experience and empower users with confidence-boosting tools, announced its app upgrade and rebrand alongside the launch of the dividend match, a first-of its-kind offer.

Just nowFinextra

MEDIUMVulnerabilityNEW

DNB Bank expands partnership with Infosys for AI-driven financial crime operations

Infosys (NSE, BSE, NYSE: INFY), a global leader in AI-first business consulting and technology services, today announced the expansion of its strategic collaboration with DNB Bank ASA (DNB), Norway’s largest bank, to modernize its Financial Crime (FinCrime) operations using NICE Actimize X-Sight Enterprise platform.

Just nowFinextra