CVE-2026-6826 in Concrete정보

요약

\~에 의해 MITRE • 2026. 05. 22.

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/{fID} with any file ID and receive a list of every page that references that file, including page IDs, handles, and full URLs. This includes pages that are otherwise restricted by permissions.The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.9 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks Eldudareeno for reporting.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

ConcreteCMS

예약하다

2026. 04. 21.

공개

2026. 05. 22.

모더레이션

수락

항목

VDB-365086

CPE

준비됨

CWE

CWE-200 (확인됨)

CVSS

5.3 (VulDB)

EPSS

0.00025

KEV

아니요

활동

매우 낮음

부문

Hostingprovider, Agriculture, ...

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-6826
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-6826
CVE Details	https://www.cvedetails.com/cve/CVE-2026-6826/

◂ 이전 개요 다음 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!