CVE-2026-46399
CriticalCVSS 9.4Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
HAX CMS versions prior to 26.0.0 have an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands, leading to code execution on the HAX CMS server.
Risk Assessment
Exploitation of this vulnerability could lead to full control over the HAX CMS server, posing a serious threat to data and system security.
Recommendation
It is recommended to upgrade HAX CMS to version 26.0.0 or later to mitigate this vulnerability.
Original NVD description (English source)
HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CMS server. Version 26.0.0 patches the issue.

