A vulnerability classified as problematic has been found in Concrete CMS up to 9.5.1 . This vulnerability affects the function unserialize . Performing a manipulation results in deserialization. This vulnerability is identified as CVE-2026-10721 . The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.