A vulnerability was found in Concrete CMS up to 9.4.x . It has been classified as problematic . Impacted is an unknown function of the file concrete/controllers/dialog/express/association/reorder . Performing a manipulation results in cross-site request forgery. This vulnerability is cataloged as CVE-2026-8415 . It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.