Primary

Context

Concrete CMS Unauthenticated Page Metadata Disclosure Vulnerability

Vulnerability

Patched

A vulnerability exists in Concrete CMS versions through 9.5.0, allowing unauthenticated users to access page metadata across all pages with a summary template. This exposure includes the titles, paths, descriptions, authors, and the existence of private, draft, and restricted pages. The vulnerability arises from the platform's handling of summary templates, which inadvertently leaks sensitive information.

Impact

Exploitation of this vulnerability leads to unauthorized disclosure of page metadata, including titles, paths, descriptions, authors, and the status of pages (private, draft, or restricted).

Remediation

Users can upgrade to Concrete CMS version 9.5.1 or later to address this vulnerability.

Added: May 21, 2026, 10:33 PM

Updated: May 21, 2026, 10:33 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

6.8

remediation

7.7

relevance

8.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

6.8

remediation

7.7

relevance

8.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Concrete CMS Unauthenticated Page Metadata Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Concrete CMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating