A vulnerability marked as problematic has been reported in Concrete CMS CMS up to 9.4.x . Affected by this vulnerability is the function approveVersion of the file concrete/controllers/backend/file . Performing a manipulation results in cross-site request forgery. This vulnerability is known as CVE-2026-8435 . Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.