CNNVD-202602-1409 Information

CNNVD ID

CNNVD-202602-1409

Related CVE

CVE-2026-25895

• CNNVD Published: 2026-02-09

Description (Chinese)

FUXA是frangoteam开源的一个基于web的过程可视化软件。 FUXA 1.2.9及之前版本存在访问控制错误漏洞，该漏洞源于存在路径遍历，可能导致未经验证的远程攻击者向服务器文件系统任意位置写入任意文件。

Description (English)

FUXA is a web-based process visualization software that is an open source for francoteam. FUXA 1.2.9 and previous versions have access control error holes that stem from the existence of routing, which could lead uncertified remote assailants to write random files at any location in the server file system.

Vulnerability Type

访问控制错误

Affected Vendor

frangoteam

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/frangoteam/FUXA/commit/22c2192f5d9beef8a787c45eff3a14c24dbb5f96 https://github.com/frangoteam/FUXA/releases/tag/v1.2.10 https://github.com/frangoteam/FUXA/security/advisories/GHSA-88qh-cphv-996c

Patch

https://github.com/frangoteam/FUXA/releases/