CVEFinder.io

CVE-2026-6826

🔶 medium
🔍 Scan for this CVE
Summary

Concrete CMS 9.5.0 and below  is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller.  Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/{fID} with any file ID and receive a list of every page that references that file, including page IDs, handles, and full URLs. This includes pages that are otherwise restricted by permissions.The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.9 with vector CVSS

Description

Concrete CMS 9.5.0 and below  is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller.  Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/{fID} with any file ID and receive a list of every page that references that file, including page IDs, handles, and full URLs. This includes pages that are otherwise restricted by permissions.The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.9 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks Eldudareeno for reporting.

CVSS Score
5.3
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-21
First Seen: 2026-05-22
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.7% of all 328,009 vulnerabilities in our database.

#263,349
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 22, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Eldudarino Trinsec (reporter)
SSVC data provided by CISA
Last Modified 2026-05-26
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-200

📦 Affected Products 1

Vendor Product Status Affected Versions
concretecms concrete_cms Affected
< 9.5.1

🔗 References 1

https://documentation.concretecms.org/9-x/developers...
Release Notes

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-8340 🔶 medium 4.3 0.0 Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with edit_file_contents p... 2026-05-22
CVE-2026-8347 🔶 medium 4.3 0.0 Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog... 2026-05-22
CVE-2026-8353 🔶 medium 4.8 0.0 Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in the Atomik theme. A rogue editor can inj... 2026-05-22
CVE-2026-8134 ⚠️ high 7.2 0.5 Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTempl... 2026-05-21
CVE-2026-8135 ⚠️ high 7.2 0.2 Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the E... 2026-05-21
CVE-2026-8140 🔶 medium 6.5 0.0 Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/down... 2026-05-21
These CVEs affect the same products