Loading market data...
← Back to CVE feed

CVE-2026-10721

UNKNOWN View on NVD ↗

Description

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the  in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 for reporting.

Published: Jun 10, 2026 08:16 UTC Modified: Jun 10, 2026 20:11 UTC