CVE-2026-46397 | haxtheweb haxcms-php/haxcms-nodejs up to 25.x saveOutline Endpoint site.json location path traversal (GHSA-7fr7-h4p3-jjr8)

A vulnerability categorized as critical has been discovered in haxtheweb haxcms-php and haxcms-nodejs up to 25.x. This affects an unknown function of the file site.json of the component saveOutline Endpoint. Executing a manipulation of the argument location can lead to path traversal.

This vulnerability is tracked as CVE-2026-46397. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More