CVE-2026-10721
CVE-2026-10721
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialize…
Vulnerability class: Insecure Deserialization