Vulnerability Details CVE-2026-25939
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10,
an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on actions. This has been patched in FUXA version 1.2.11.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.6%
CVSS Severity
CVSS v3 Score 9.1
References
Products affected by CVE-2026-25939
-
cpe:2.3:a:frangoteam:fuxa:1.2.10
-
cpe:2.3:a:frangoteam:fuxa:1.2.8
-
cpe:2.3:a:frangoteam:fuxa:1.2.9