[HIGH] Concrete CMS vulnerable to Remote Code Execution by stored PHP object injection

PKSA-79x2-hpny-rxg9 CVE-2026-3452 GHSA-gj26-w59c-29mf

Affected package: concrete5/concrete5

Affected version: <9.4.8

Reported by:
GitHub