CVE-2026-46395 | haxtheweb haxcms-nodejs up to 25.x PHP Backend hmacBase64 key information disclosure (GHSA-6c8g-9hfh-pq5h)

A vulnerability was found in haxtheweb haxcms-nodejs up to 25.x. It has been rated as problematic. This issue affects the function hmacBase64 of the component PHP Backend. This manipulation of the argument key causes information disclosure.

This vulnerability is tracked as CVE-2026-46395. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More