A vulnerability described as problematic has been identified in Concrete CMS up to 9.5.0 . This affects an unknown part. The manipulation results in authorization bypass. This vulnerability is reported as CVE-2026-8347 . The attack can be launched remotely. No exploit exists.