Home > Vulnerability Database > CVE-2026-25938

Mend.io Vulnerability Database

CVE-2026-25938

Good to know:

Date: February 9, 2026

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA version 1.2.11.

Severity Score

10.0

Related Resources (6)

Url: https://github.com/frangoteam/FUXA/security/advisories/GHSA-v4p5-w6r3-2x4f

Url: https://github.com/frangoteam/FUXA/commit/5e7679b09718534e4501a146fdfe093da29af336

Url: https://github.com/frangoteam/FUXA

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-25938

Url: https://github.com/frangoteam/FUXA/releases/tag/v1.2.11

Url: https://www.mend.io/vulnerability-database/CVE-2026-25938

Severity Score

10.0

Weakness Type (CWE)

Missing Authentication for Critical Function

CWE-306

Authentication Bypass by Spoofing

CWE-290

Top Fix

Upgrade Version

Upgrade to version https://github.com/frangoteam/FUXA.git - v1.2.11

Learn More

CVSS v3.1

Base Score:	10.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-25938

Good to know:

Date: February 9, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?