We’re taking on a small number of new builds and rebuilds this quarter. Book a call to see if your project is a fit.

CVE CVE-2026-46399

CVE-2026-46399

PHP

Severity: —
CVSS: —CVSS
Published: 2026-06-05
Last modified: 2026-06-05
CWE: CWE-15CWE-73CWE-78

Description

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CMS server. Version 26.0.0 patches the issue.

References

https://github.com/haxtheweb/issues/security/advisories/GHSA-q759-vxg8-vq5j

Summary

Description

References