Vulnerability in N/a

CVE-2026-30662

ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive…

EPSS: 0.001 (18.7th percentile) — read the EPSS interpretation.

Affected products

  • N/a — versions n/a

References