CVE-2026-46399 | haxtheweb haxcms-nodejs/haxcms-php up to 25.x external control of setting (GHSA-q759-vxg8-vq5j)

A vulnerability categorized as critical has been discovered in haxtheweb haxcms-nodejs and haxcms-php up to 25.x. Impacted is an unknown function. Such manipulation leads to external control of system or configuration setting.

This vulnerability is listed as CVE-2026-46399. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More