A vulnerability labeled as problematic has been found in Concrete CMS up to 9.4.x . Affected is the function rescanMultiple of the file concrete/controllers/backend/file . Such manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2026-8434 . The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.