CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

Missing Authentication for Critical Function

Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative acce...

FUXA Unauthenticated Remote Code Execution in Node-RED Integration

Summary Description An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. Impact...

Missing Authentication for Critical Function

Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /nodered/flows endpoint when the Node-RED plugin is enabled. An attacker can gain administrative access an...

GHSA-V4P5-W6R3-2X4F FUXA Unauthenticated Remote Code Execution in Node-RED Integration

Summary Description An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. Impact...

CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

CVE-2026-25938

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

Authentication Bypass

FUXA-server is vulnerable to an Authentication Bypass. The vulnerability is due to improper authentication enforcement when the Node-RED plugin is enabled, which allows an unauthenticated remote attacker to execute arbitrary code on the server...

FUXA 访问控制错误漏洞

FUXA is a web-based process visualization software developed by frangoteam. Versions 1.2.8 to 1.2.10 of FUXA contain an access control vulnerability. This vulnerability stems from an authentication bypass when the Node-RED plugin is enabled, allowing unverified remote attackers to execute arbitra...

PT-2026-7182

Name of the Vulnerable Software and Affected Versions FUXA versions 1.2.8 through 1.2.10 Description FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authentication bypass in FUXA allows a remote attacker to execute arbitrary code on the server when the Node-RED plugin i...