A vulnerability classified as critical was found in haxtheweb haxcms-nodejs and haxcms-php up to 25.x . This vulnerability affects unknown code. Executing a manipulation can lead to server-side request forgery. This vulnerability appears as CVE-2026-46393 . The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.