A vulnerability has been found in Concrete CMS CMS up to 9.4.x and classified as problematic . This vulnerability affects unknown code of the file concrete/controllers/dialog/page/bulk/design . This manipulation causes cross-site request forgery. This vulnerability is tracked as CVE-2026-8413 . The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.