CVE-2026-46393
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk15th percentile - higher than 15% of all known CVEs
Summary
HAX CMS, which manages microsites with PHP or NodeJs backends, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 26.0.0. This allows authenticated users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory.
Risk Assessment
This vulnerability allows for arbitrary file read and internal network access, potentially leading to serious security breaches within the organization.
Recommendation
It is recommended to upgrade HAX CMS to version 26.0.0 or later to mitigate this vulnerability.
Original NVD description (English source)
HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 26.0.0 allows authenticated users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enabling arbitrary file read and internal network access. Version 26.0.0 contains a fix.

