CNNVD-202602-1411 Information

CNNVD ID

CNNVD-202602-1411

Related CVE

CVE-2026-25893

• CNNVD Published: 2026-02-09

Description (Chinese)

FUXA是frangoteam开源的一个基于web的过程可视化软件。 FUXA 1.2.10之前版本存在授权问题漏洞，该漏洞源于心跳刷新API存在身份验证绕过，可能导致未经验证的远程攻击者获得管理员权限并执行任意代码。

Description (English)

FUXA is a web-based process visualization software that is an open source for francoteam. The previous version of FUXA 1.2.10 had a mandate gap, which stemmed from the presence of an API identification bypassed by a new heart beat, which could lead uncertified remote assailants to access administrator privileges and enforce arbitrary codes.

Vulnerability Type

授权问题

Affected Vendor

frangoteam

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/frangoteam/FUXA/commit/fe82348d160904d0013b9a3e267d50158f5c7afb https://github.com/frangoteam/FUXA/security/advisories/GHSA-vwcg-c828-9822

Patch

https://github.com/frangoteam/FUXA/releases