Storyline

Multiple critical and high-severity vulnerabilities disclosed in HAXcms

A series of security advisories reveal multiple vulnerabilities in HAXcms, including a critical private key disclosure via broken HMAC, high-severity SSRF enabling arbitrary file read, mass token exfiltration with cross-tenant hijack, and stored XSS allowing arbitrary...

Published 2026-05-19 14:44 UTC · Updated 2026-05-19 19:51 UTC
Evidence trail (top sources)
HAX CMS: Denial of Service using Malicious Import Request
github_advisories · github.com · 2026-05-19 19:51 UTC
limited source diversity in top sources

Score total: 1.14
Momentum 24h: 7
Posts: 7
Origins: 1
Source types: 1
Duplicate ratio: 0%
Why now
  • The vulnerabilities were disclosed recently with assigned CVEs, highlighting urgent need for remediation.
  • Multiple high-severity issues in a single platform increase the risk of widespread exploitation.
  • Security teams must prioritize updates to protect against token theft and SSRF attacks in HAXcms.
Why it matters
  • These vulnerabilities expose sensitive data including private keys and tokens, risking unauthorized access and account takeover.
  • Exploitation can lead to cross-tenant hijacking, credential theft, and denial of service, impacting service availability and user security.
  • Prompt awareness and patching are critical to mitigate these high-impact security flaws.
Continuity snapshot
  • Trend status: insufficient_history.
  • Continuity stage: seed.
  • Current status: open.
  • 7 current source-linked posts are attached to this storyline.