CVE-2026-10721 – Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components

CVE ID :CVE-2026-10721

Published : June 10, 2026, 8:16 a.m. | 22 minutes ago

Description :Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the  in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 for reporting.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9019 – Easy Image Collage

CVE-2026-8853 – MW WP Form

CVE-2026-8613 – aThemes Addons for Elementor

CVE-2026-9067 – Schema & Structured Data for WP & AMP < 1.60 – Unauthenticated Arbitrary Media Upload