CNNVD-202602-1404 Information

CNNVD ID

CNNVD-202602-1404

Related CVE

CVE-2026-25951

• CNNVD Published: 2026-02-09

Description (Chinese)

FUXA是frangoteam开源的一个基于web的过程可视化软件。 FUXA 1.2.11之前版本存在安全漏洞，该漏洞源于路径清理逻辑存在缺陷，可能导致经过身份验证的管理员绕过目录遍历防护，进而实现远程代码执行。

Description (English)

FUXA is a web-based process visualization software that is an open source for francoteam. A security loophole existed in the previous version of FUXA 1.2.11, which stemmed from flaws in the logic of the path clean-up, which could lead to remote code execution by an identified administrator bypassing the directory.

Vulnerability Type

其他

Affected Vendor

frangoteam

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/frangoteam/FUXA/commit/f7a9f04b2ab97ab5421e4ec4e711c51e9f4b65c8 https://github.com/frangoteam/FUXA/releases/tag/v1.2.11 https://github.com/frangoteam/FUXA/security/advisories/GHSA-68m5-5w2h-h837

Patch

https://github.com/frangoteam/FUXA/releases/