A vulnerability classified as problematic has been found in Concrete CMS up to 9.5.0 . This impacts the function do_update of the file /dashboard/extend/update/do_update/ . This manipulation causes cross-site request forgery. This vulnerability is tracked as CVE-2026-8417 . The attack is possible to be carried out remotely. No exploit exists.