PatchSiren cyber security CVE debrief
CVE-2026-46493 haxtheweb CVE debrief
CVE-2026-46493 is a HIGH severity vulnerability in HAX CMS, a microsite universe management system. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable for that purpose. This vulnerability was published on 2026-06-05 and modified on 2026-06-05.
- Vendor: haxtheweb
- Product: haxcms-php
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-05
- Original CVE updated: 2026-06-05
- Advisory published: 2026-06-05
- Advisory updated: 2026-06-05
Who should care
Users of HAX CMS versions prior to 26.0.1 should update to version 26.0.1 or later to address this vulnerability.
Technical summary
The vulnerability is caused by the use of `uniqid` for generating salts in HAX CMS versions prior to 26.0.1. This was fixed in version 26.0.1.
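The following added example (not HAX CMS code; the function names `decode_uniqid` and `generate_salt` are hypothetical) shows why `uniqid` is a poor salt source: with default arguments PHP builds the value from the system clock, so it decodes back to the time of the call, whereas `random_bytes` draws from the operating system CSPRNG.

```php
<?php
declare(strict_types=1);

// Added illustration; not taken from HAX CMS. Function names are hypothetical.

/** Split a default uniqid() value into the clock reading it encodes. */
function decode_uniqid(string $id): array
{
    if (!preg_match('/^[0-9a-f]{13}$/', $id)) {
        throw new InvalidArgumentException('expected 13 hex characters');
    }
    return [
        'seconds'      => (int) hexdec(substr($id, 0, 8)), // Unix time
        'microseconds' => (int) hexdec(substr($id, 8, 5)), // fraction of that second
    ];
}

/** Salt drawn from the operating system CSPRNG, hex encoded. */
function generate_salt(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

// Record the clock on either side of the call to show the value is just a timestamp.
$before = microtime(true);
$weak   = uniqid();
$after  = microtime(true);

$parts = decode_uniqid($weak);
$stamp = $parts['seconds'] + $parts['microseconds'] / 1e6;
$inWindow = $stamp >= $before - 0.001 && $stamp <= $after + 0.001;

printf("uniqid value       : %s\n", $weak);
printf("decodes to         : %s.%06d UTC\n",
    gmdate('Y-m-d H:i:s', $parts['seconds']), $parts['microseconds']);
printf("inside call window : %s\n", $inWindow ? 'yes' : 'no');
printf("CSPRNG salt        : %s\n", generate_salt());
```

When reviewing a code base for the same pattern, any salt, token or key derived from `uniqid`, `time` or `microtime` deserves the same scrutiny.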
Defensive priority
HIGH
Recommended defensive actions
- Update to version 26.0.1 or later
Evidence notes
The CVE-2026-46493 record is available from CVE.org, and the corresponding vulnerability detail page from NVD.
Official resources
CVE-2026-46493 was published on 2026-06-05T20:17:34.490Z and modified on 2026-06-05T20:48:21.200Z.