CVE-2026-46493

Summary

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue.

Affected Software

VendorProductVersion RangeStatus
haxthewebhaxcms-php< 26.0.1affected

Weaknesses

  • CWE-338: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References