CVE Catalog

CVE-2026-46393

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile - higher than 15% of all known CVEs

Summary

HAX CMS, which manages microsites with PHP or NodeJs backends, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 26.0.0. This allows authenticated users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory.

Risk Assessment

This vulnerability allows for arbitrary file read and internal network access, potentially leading to serious security breaches within the organization.

Recommendation

It is recommended to upgrade HAX CMS to version 26.0.0 or later to mitigate this vulnerability.

Original NVD description (English source)

HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 26.0.0 allows authenticated users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enabling arbitrary file read and internal network access. Version 26.0.0 contains a fix.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS