CVE-2026-46394

CVE-2026-46394

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings u…

Vulnerability class: Command Injection (OS Command Injection)

Weakness classification (CWE)

References