CVE-2026-46493

HIGH NVD

CVSS Score 7.5

Severity HIGH

Published Jun 05, 2026

Vendor unknown

Description

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable. Version 26.0.1 fixes the issue.

References

https://github.com/haxtheweb/haxcms-php/blob/8b8845b16e521a326929471e16903f60c6638e8f/install.php#L188-L191
https://github.com/haxtheweb/haxcms-php/commit/4b83cbdf8782c75bdcdd4f57ba72fba1c6dac147
https://github.com/haxtheweb/issues/security/advisories/GHSA-xg43-xm47-74cp