QSearchQSearch

CVE-2026-8236

4.3 MEDIUM

Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate

Published: 2026-05-21 · Last updated: 2026-05-26

Severity and scoring

CVSS
4.3 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE
CWE-862

Affected products

VendorProduct
concretecmsconcrete_cms

Description

Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate. The endpoint /ccm/system/dialogs/file/usage/{fID} accepts an integer file ID in the URL and returns internal site structure data (page IDs, versions, URL paths) to anyone who sends a GET request. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks Winston Crooker for reporting.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-8340 Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion (4.3 MEDIUM)
  • CVE-2026-8434 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple() (8.8 HIGH)
  • CVE-2026-8433 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan() (8.8 HIGH)
  • CVE-2026-8432 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star() (8.8 HIGH)
  • CVE-2026-8427 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder(... (8.8 HIGH)

Same CWE

  • CVE-2026-12105 Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplicat...
  • CVE-2026-53866 OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators ... (8.1 HIGH)
  • CVE-2026-53851 OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite... (5.3 MEDIUM)
  • CVE-2026-53850 OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated caller... (5.5 MEDIUM)
  • CVE-2026-53844 OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated call... (6.5 MEDIUM)