A vulnerability categorized as problematic has been discovered in Concrete CMS up to 9.4.x . This affects the function rescan of the file concrete/controllers/backend/file . The manipulation results in cross-site request forgery. This vulnerability is reported as CVE-2026-8433 . The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.