CVE Catalog

CVE-2026-46357

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.06%

19th percentile - higher than 19% of all known CVEs

Summary

HAX CMS is a microsite management system with PHP or NodeJS backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint.

Risk Assessment

A single request is sufficient to take the entire application offline, requiring a manual server restart to restore service. This can lead to downtime in system operations.

Recommendation

It is recommended to upgrade to version 26.0.0, which fixes the issue. Additionally, server logs should be monitored for potential attack attempts.

Original NVD description (English source)

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire application offline, requiring a manual server restart to restore service. Version 26.0.0 fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS