CVE-2026-46390

Vulnerability Description

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue.

Vulnerability Details

Published Date

June 05, 2026

Last Modified

June 05, 2026

CWE ID

CWE-639

Source

NVD

Vendor

haxtheweb

Product

haxcms-php

External References

https://github.com/haxtheweb/issues/security/advisories/GHSA-6434-8rch-w65c

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment