CVE Catalog

CVE-2026-46399

CriticalCVSS 9.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

HAX CMS versions prior to 26.0.0 have an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands, leading to code execution on the HAX CMS server.

Risk Assessment

Exploitation of this vulnerability could lead to full control over the HAX CMS server, posing a serious threat to data and system security.

Recommendation

It is recommended to upgrade HAX CMS to version 26.0.0 or later to mitigate this vulnerability.

Original NVD description (English source)

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CMS server. Version 26.0.0 patches the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS