CVE-2026-46357
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk19th percentile - higher than 19% of all known CVEs
Summary
HAX CMS is a microsite management system with PHP or NodeJS backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint.
Risk Assessment
A single request is sufficient to take the entire application offline, requiring a manual server restart to restore service. This can lead to downtime in system operations.
Recommendation
It is recommended to upgrade to version 26.0.0, which fixes the issue. Additionally, server logs should be monitored for potential attack attempts.
Original NVD description (English source)
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire application offline, requiring a manual server restart to restore service. Version 26.0.0 fixes the issue.

