Vulnerability Details CVE-2026-25938
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA version 1.2.11.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.9%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2026-25938
-
cpe:2.3:a:frangoteam:fuxa:1.2.10
-
cpe:2.3:a:frangoteam:fuxa:1.2.8
-
cpe:2.3:a:frangoteam:fuxa:1.2.9