{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46399", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-05-13T21:04:10.932Z", "datePublished": "2026-06-05T18:13:15.808Z", "dateUpdated": "2026-06-08T16:17:13.761Z"}, "containers": {"cna": {"title": "Authenticated Remote Code Execution via File Overwrite", "problemTypes": [{"descriptions": [{"cweId": "CWE-15", "lang": "en", "description": "CWE-15: External Control of System or Configuration Setting", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-73", "lang": "en", "description": "CWE-73: External Control of File Name or Path", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-78", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/haxtheweb/issues/security/advisories/GHSA-q759-vxg8-vq5j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/haxtheweb/issues/security/advisories/GHSA-q759-vxg8-vq5j"}], "affected": [{"vendor": "haxtheweb", "product": "haxcms-nodejs", "versions": [{"version": "< 26.0.0", "status": "affected"}]}, {"vendor": "haxtheweb", "product": "haxcms-php", "versions": [{"version": "< 26.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-05T18:13:15.808Z"}, "descriptions": [{"lang": "en", "value": "HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CMS server. Version 26.0.0 patches the issue."}], "source": {"advisory": "GHSA-q759-vxg8-vq5j", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/haxtheweb/issues/security/advisories/GHSA-q759-vxg8-vq5j", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-08T16:16:41.003653Z", "id": "CVE-2026-46399", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-08T16:17:13.761Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-46399", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-08T16:16:41.003653Z"}}}], "references": [{"url": "https://github.com/haxtheweb/issues/security/advisories/GHSA-q759-vxg8-vq5j", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-08T16:17:08.097Z"}}], "cna": {"title": "Authenticated Remote Code Execution via File Overwrite", "source": {"advisory": "GHSA-q759-vxg8-vq5j", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "haxtheweb", "product": "haxcms-nodejs", "versions": [{"status": "affected", "version": "< 26.0.0"}]}, {"vendor": "haxtheweb", "product": "haxcms-php", "versions": [{"status": "affected", "version": "< 26.0.0"}]}], "references": [{"url": "https://github.com/haxtheweb/issues/security/advisories/GHSA-q759-vxg8-vq5j", "name": "https://github.com/haxtheweb/issues/security/advisories/GHSA-q759-vxg8-vq5j", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CMS server. Version 26.0.0 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-15", "description": "CWE-15: External Control of System or Configuration Setting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-05T18:13:15.808Z"}}}, "cveMetadata": {"cveId": "CVE-2026-46399", "state": "PUBLISHED", "dateUpdated": "2026-06-08T16:17:13.761Z", "dateReserved": "2026-05-13T21:04:10.932Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-06-05T18:13:15.808Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CMS server. Version 26.0.0 patches the issue."}], "id": "CVE-2026-46399", "lastModified": "2026-06-08T17:16:50.933", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-06-05T19:16:33.960", "references": [{"source": "[email protected]", "url": "https://github.com/haxtheweb/issues/security/advisories/GHSA-q759-vxg8-vq5j"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/haxtheweb/issues/security/advisories/GHSA-q759-vxg8-vq5j"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-15"}, {"lang": "en", "value": "CWE-73"}, {"lang": "en", "value": "CWE-78"}], "source": "[email protected]", "type": "Secondary"}]}

{}