← voltar
CVE-2026-46357

HAX CMS NodeJS application Vulnerable to Denial of Service using Malicious Import Request

CVSS 6.5 MEDIUMEPSS 0.2%CWE-20
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
05 jun 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire application offline, requiring a manual server restart to restore service. Version 26.0.0 fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
haxtheweb · haxcms-nodejs

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/haxtheweb/issues/security/advisories/GHSA-9r33-xhw8-4qqp