CVE-2026-46399: CWE-15: External Control of System or Configuration Setting in haxtheweb haxcms-nodejs
HAX CMS helps manage a microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CMS server. Version 26.0.0 patches the issue.
AI Analysis
Technical Summary
HAX CMS, a content management system with PHP and NodeJs backends, has an authenticated file overwrite vulnerability in its PHP version before 26.0.0. This flaw permits an attacker with authentication to manipulate system or configuration settings by overwriting files, specifically to set malicious Git filter commands. Successful exploitation results in remote code execution on the server hosting HAX CMS. Version 26.0.0 includes a patch that addresses this vulnerability. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no user interaction, and high impacts on confidentiality, integrity, availability, and security requirements.
Potential Impact
An authenticated attacker can overwrite files to configure malicious Git filter commands, leading to remote code execution on the HAX CMS server. This compromises the confidentiality, integrity, and availability of the affected system. The vulnerability is critical due to the potential for full system compromise.
Mitigation Recommendations
Upgrade the PHP version of HAX CMS to version 26.0.0 or later, which contains the official patch for this vulnerability. Since the vendor advisory confirms the issue is fixed in version 26.0.0, applying this update fully mitigates the risk. No additional mitigation steps are indicated.
CVSS v4.0
Score: 9.4 (Critical)
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-05-13T21:04:10.932Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a231d8ae29bf47b50a9834f
Added to database: 6/5/2026, 7:03:38 PM
Last enriched: 6/5/2026, 7:18:45 PM
Last updated: 6/6/2026, 6:08:26 AM