A vulnerability identified as problematic has been detected in Concrete CMS up to 9.4.x . This impacts the function star of the file concrete/controllers/backend/file . This manipulation causes cross-site request forgery. This vulnerability appears as CVE-2026-8432 . The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.