CVE-2026-46399— HAX 操作系统命令注入漏洞

Authenticated Remote Code Execution via File Overwrite

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CMS server. Version 26.0.0 patches the issue.

N/A

系统设置或配置在外部可控制

HAX 操作系统命令注入漏洞

HAX是HAX The Web开源的一个HAX+CMS使用PHP后端管理的微型网站。 HAX 26.0.0之前版本存在操作系统命令注入漏洞，该漏洞源于存在经过身份验证的文件覆盖漏洞，可能导致攻击者配置恶意Git过滤器命令并在HAX CMS服务器上实现代码执行。

N/A

N/A