CVE-2026-46394 | haxtheweb haxcms-php up to 25.x HAXcms PHP Backend Git.php proc_open os command injection (GHSA-6jf3-9fgh-cmfr)

A vulnerability, which was classified as critical, has been found in haxtheweb haxcms-php up to 25.x. This impacts the function proc_open of the file Git.php of the component HAXcms PHP Backend. This manipulation causes os command injection.

This vulnerability is handled as CVE-2026-46394. The attack can be initiated remotely. There is not any exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More