CVE-2026-46399
Authenticated Remote Code Execution via File Overwrite
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CMS server. Version 26.0.0 patches the issue.
| CWE | CWE-15 CWE-73 CWE-78 |
| Vendor | haxtheweb |
| Product | haxcms-nodejs |
| Published | Jun 5, 2026 |
| Last Updated | Jun 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for haxtheweb haxcms-nodejs
Be the first to know when new unknown vulnerabilities affecting haxtheweb haxcms-nodejs are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
haxtheweb / haxcms-nodejs
< 26.0.0
haxtheweb / haxcms-php
< 26.0.0