A vulnerability, which was classified as problematic , was found in Concrete CMS up to 9.4.x . This affects an unknown part of the file concrete/controllers/dialog/page/bulk/cache . The manipulation results in cross-site request forgery. This vulnerability is identified as CVE-2026-8412 . The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.