| purl | pkg:npm/fuxa-server@1.2.11 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-13gr-udh9-7qff | FUXA Affected by a Path Traversal Sanitization Bypass. A flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. It is a new vulnerability: a patch bypass for the sanitization in the last release. | CVE-2026-25951, GHSA-68m5-5w2h-h837 |
| VCID-2rkk-a5kk-jqc5 | FUXA Unauthenticated Remote Code Execution in Node-RED Integration. An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. | CVE-2026-25938, GHSA-v4p5-w6r3-2x4f |
| VCID-2zyb-q6bf-c7d1 | FUXA Unauthenticated Remote Arbitrary Scheduler Write. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on actions. This vulnerability affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. | CVE-2026-25939, GHSA-c869-jx4c-q5fc |