CVE-2026-25939
CRITICAL WAF: Low
CVSS 9.1
Published: 2026-02-09
CWE-862
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on actions. This has been patched in FUXA version 1.2.11.
WAF Coverage Analysis
Missing Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| frangoteam | fuxa | 1.2.8 - 1.2.11 |
References
- github.com (Patch)
- github.com (Release Notes)
- github.com (Vendor Advisory)