CVE-2026-46398 | haxtheweb haxcms-php up to 25.x missing secure attribute (GHSA-g7v2-r32q-jf5v)

A vulnerability identified as problematic has been detected in haxtheweb haxcms-php up to 25.x. The affected element is an unknown function. Performing a manipulation results in sensitive cookie without secure attribute.

This vulnerability is cataloged as CVE-2026-46398. It is possible to initiate the attack remotely. There is no exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More