CVE-2026-46393EPSS p14.6%

CVE-2026-46393CVE-2026-46393

Description

HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 26.0.0 allows authenticated users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enabling arbitrary file read and internal network access. Version 26.0.0 contains a fix.

Scoring

EPSS0.24% probability of exploitation · percentile 14.6% · 2026-06-18T12:00:27Z
Last modified2026-06-08

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-46397
CVE
CVE-2026-46396
CVE
CVE-2026-46399
CVE
CVE-2026-46357
CVE
CVE-2026-46391
CVE
CVE-2026-46496
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.