A vulnerability labeled as problematic has been found in Concrete CMS up to 9.5.1 . This issue affects the function unserialize . The manipulation results in deserialization. This vulnerability is identified as CVE-2026-7888 . The attack is only possible with local access. There is not any exploit available. The affected component should be upgraded.