CVE-2026-8435

Concrete CMS is affected: versions 9.0–9.4.x are vulnerable to Cross-Site Request Forgery in the approveVersion() endpoint located at concrete/controllers/backend/file. The issue is CSRF due to lack of proper request binding; exploitation would require user interaction. Remediation provided in so...