CVE-2026-10721EPSS p3.6%

CVE-2026-10721CVE-2026-10721

Description

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the  in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 for reporting.

Scoring

EPSS0.14% probability of exploitation · percentile 3.6% · 2026-06-17T12:03:21Z
Last modified2026-06-10

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-7888
CVE
CVE-2026-8421
CVE
CVE-2026-8412
CVE
CVE-2026-8426
CVE
CVE-2026-22500
CVE
CVE-2025-53299
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.