PatchSiren cyber security CVE debrief
CVE-2026-46401 haxtheweb CVE debrief
CVE-2026-46401 is a MEDIUM severity vulnerability in HAX CMS, a microsite universe management system, which allows attackers to maintain persistent access to authenticated CMS functionality after a user logs out. This is due to an improper session termination mechanism, where authentication tokens remain valid even after logout.
- Vendor
- haxtheweb
- Product
- issues
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-08
Who should care
Users of HAX CMS, especially those using versions prior to 26.0.0, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 5.3 and is classified as CWE-613. It allows attackers with valid tokens to bypass the intended session termination mechanism and access CMS metadata and administrative functions.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to version 26.0.0 or later of HAX CMS.
- Review and update authentication token management to ensure proper session termination.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4].
Official resources
-
CVE-2026-46401 CVE record
CVE.org
-
CVE-2026-46401 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-46401 was published on [cvePublishedAt] and modified on [cveModifiedAt].