CVE-2026-25951

High CVSS: 8.6

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. This vulnerability is fixed in 1.2.11.

Vendor

Frangoteam

Product

Fuxa

CWE

CWE-22

Yayın Tarihi

2026-02-09 23:16:06

Güncelleme

2026-02-13 20:28:36

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Fuxa HIGH Frangoteam 2026

Referanslar

https://github.com/frangoteam/FUXA/commit/f7a9f04b2ab97ab5421e4ec4e711c51e9f4b65c8 https://github.com/frangoteam/FUXA/releases/tag/v1.2.11 https://github.com/frangoteam/FUXA/security/advisories/GHSA-68m5-5w2h-h837

Benzer Kayıtlar

Critical

CVE-2025-69985

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnera…

Critical

CVE-2026-25938

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication b…

Critical

CVE-2026-25939

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authori…

Critical

CVE-2026-25893

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vuln…

Critical

CVE-2026-25894

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allo…

Critical

CVE-2026-25895

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows…