CVE-2026-46400EPSS p30.3%

CVE-2026-46400CVE-2026-46400

Description

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attackers to upload malicious files (e.g., PHP webshells) disguised as legitimate image files, potentially leading to remote code execution. Version 25.0.0 contains a fix for the issue.

Scoring

EPSS0.39% probability of exploitation · percentile 30.3% · 2026-06-19T12:03:05Z
Last modified2026-06-08

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-46392
CVE
CVE-2025-32028
CVE
CVE-2026-46399
CVE
CVE-2026-46393
CVE
CVE-2026-46394
CVE
CVE-2026-46396
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.