NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-10721

Summary	Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 for reporting.
Publication Date	June 10, 2026, 5:16 p.m.
Registration Date	June 11, 2026, 4:17 a.m.
Last Update	June 10, 2026, 5:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://documentation.concretecms.org/9-x/developers/introduction/version-history/952-release-notes	ff5b8ace-8b95-4078-9743-eac1ca5451de

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-502	信頼性のないデータのデシリアライゼーション	https://cwe.mitre.org/data/definitions/502.html