CVE-2026-46400: CWE-434: Unrestricted Upload of File with Dangerous Type in haxtheweb haxcms-php
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attackers to upload malicious files (e.g., PHP webshells) disguised as legitimate image files, potentially leading to remote code execution. Version 25.0.0 contains a fix for the issue.
AI Analysis
Technical Summary
CVE-2026-46400 is a vulnerability in haxtheweb's haxcms-php where the file upload feature inadequately validates uploaded files by only checking file extensions with a regex pattern. This insufficient validation allows attackers to upload files with dangerous content (e.g., PHP webshells) disguised as benign image files. The vulnerability affects versions starting from 11.0.6 up to but not including 25.0.0. The issue is resolved in version 25.0.0, which implements proper validation beyond just file extensions.
Potential Impact
Successful exploitation can lead to remote code execution on the affected system due to the upload of malicious executable files disguised as images. This can compromise the integrity and confidentiality of the system running haxcms-php versions prior to 25.0.0. The CVSS 4.0 score of 8.7 reflects a high severity with network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
Upgrade haxcms-php to version 25.0.0 or later, where the vulnerability is fixed by improved file upload validation that checks file content and MIME type, not just file extensions. Since no official patch or temporary fix is listed other than the version upgrade, applying this update is the recommended remediation. Patch status is confirmed by the vendor's versioning information indicating the fix is included starting in version 25.0.0.
CVE-2026-46400: CWE-434: Unrestricted Upload of File with Dangerous Type in haxtheweb haxcms-php
Description
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attackers to upload malicious files (e.g., PHP webshells) disguised as legitimate image files, potentially leading to remote code execution. Version 25.0.0 contains a fix for the issue.
CVSS v4.0
Score 8.7high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-46400 is a vulnerability in haxtheweb's haxcms-php where the file upload feature inadequately validates uploaded files by only checking file extensions with a regex pattern. This insufficient validation allows attackers to upload files with dangerous content (e.g., PHP webshells) disguised as benign image files. The vulnerability affects versions starting from 11.0.6 up to but not including 25.0.0. The issue is resolved in version 25.0.0, which implements proper validation beyond just file extensions.
Potential Impact
Successful exploitation can lead to remote code execution on the affected system due to the upload of malicious executable files disguised as images. This can compromise the integrity and confidentiality of the system running haxcms-php versions prior to 25.0.0. The CVSS 4.0 score of 8.7 reflects a high severity with network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
Upgrade haxcms-php to version 25.0.0 or later, where the vulnerability is fixed by improved file upload validation that checks file content and MIME type, not just file extensions. Since no official patch or temporary fix is listed other than the version upgrade, applying this update is the recommended remediation. Patch status is confirmed by the vendor's versioning information indicating the fix is included starting in version 25.0.0.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-13T21:04:10.932Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a232492e29bf47b50b16f67
Added to database: 6/5/2026, 7:33:38 PM
Last enriched: 6/5/2026, 7:48:37 PM
Last updated: 6/5/2026, 8:47:07 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.