A vulnerability was found in Concrete CMS up to 9.4.x and classified as problematic . This issue affects some unknown processing of the file concrete/controllers/dialog/event/duplicate . Such manipulation leads to cross-site request forgery. This vulnerability is listed as CVE-2026-8414 . The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.