CVE-2026-46401

HAX CMS helps manage a microsite universe with PHP or Node.js backends

Published: 2026-06-05 · Last updated: 2026-06-08

Severity and scoring

CWE
CWE-613

Description

HAX CMS helps manage a microsite universe with PHP or Node.js backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to authenticated CMS functionality, bypassing the intended session termination mechanism and enabling unauthorized access to CMS metadata and administrative functions. Version 26.0.0 fixes the issue.

Source: NVD

Related CVEs

Same CWE

  • CVE-2026-46657 Bludit is a content management system (7.1 HIGH)
  • CVE-2026-46656 Bludit is a content management system (8.8 HIGH)
  • CVE-2026-48726 A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: t... (6.5 MEDIUM)
  • CVE-2026-44648 SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generat... (7.5 HIGH)
  • CVE-2026-9802 A flaw was found in Keycloak (6.8 MEDIUM)