CNNVD-202602-1406 Information

CNNVD ID

CNNVD-202602-1406

Related CVE

CVE-2026-25938

• CNNVD Published: 2026-02-09

Description (Chinese)

FUXA是frangoteam开源的一个基于web的过程可视化软件。 FUXA 1.2.8版本至1.2.10版本存在访问控制错误漏洞，该漏洞源于启用Node-RED插件时存在身份验证绕过，可能导致未经验证的远程攻击者执行任意代码。

Description (English)

FUXA is a web-based process visualization software that is an open source for francoteam. FUXA Versions 1.2.8 to 1.2.10 have access control bugs, which stem from the existence of an identification bypass when the Node-RED plugin is enabled, which may result in unauthorized remote assailants performing any code.

Vulnerability Type

访问控制错误

Affected Vendor

frangoteam

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/frangoteam/FUXA/commit/5e7679b09718534e4501a146fdfe093da29af336 https://github.com/frangoteam/FUXA/releases/tag/v1.2.11 https://github.com/frangoteam/FUXA/security/advisories/GHSA-v4p5-w6r3-2x4f

Patch

https://github.com/frangoteam/FUXA/releases/