CNNVD-202602-340 Information
Feb 03, 2026
CNNVD ID
CNNVD-202602-340
Related CVE
- CNNVD Published: 2026-02-03
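Description (translated from Chinese)
FUXA is web-based process visualization software open-sourced by frangoteam. FUXA version 1.2.7 contains a security vulnerability that stems from the use of a hard-coded key to sign and verify JWT tokens in server/api/jwt-helper.js, which may allow a remote attacker to forge valid administrator tokens and bypass authentication to gain full administrative privileges.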
Description (English)
FUXA is an open-source, web-based process visualization software from frangoteam. FUXA version 1.2.7 contains a security vulnerability caused by the use of a hard-coded key for signing and verifying JWT tokens in server/api/jwt-helper.js. A remote attacker may be able to forge valid administrator tokens and bypass authentication to obtain full administrative privileges.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
frangoteam
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.js
Patch
https://github.com/frangoteam/FUXA/releases