A vulnerability marked as problematic has been reported in Concrete CMS up to 9.5.0 . The impacted element is the function json_decode of the component REST API . The manipulation leads to deserialization. This vulnerability is referenced as CVE-2026-8135 . Remote exploitation of the attack is possible. No exploit is available.