Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2zyb-q6bf-c7d1
Vulnerability ID VCID-2zyb-q6bf-c7d1
Aliases CVE-2026-25939
GHSA-c869-jx4c-q5fc
Summary FUXA Unauthenticated Remote Arbitrary Scheduler Write An authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on actions. This vulnerability affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-862 Missing Authorization
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv4 9.3 https://github.com/frangoteam/FUXA
generic_textual CRITICAL https://github.com/frangoteam/FUXA
cvssv4 9.3 https://github.com/frangoteam/FUXA/commit/5782b35117a9bd14ffcb881f8dfb8c6680157d9b
generic_textual CRITICAL https://github.com/frangoteam/FUXA/commit/5782b35117a9bd14ffcb881f8dfb8c6680157d9b
cvssv4 9.3 https://github.com/frangoteam/FUXA/commit/aced6ad0b6089eea4e5cef51c0a88bf4f308d45f
generic_textual CRITICAL https://github.com/frangoteam/FUXA/commit/aced6ad0b6089eea4e5cef51c0a88bf4f308d45f
cvssv4 9.3 https://github.com/frangoteam/FUXA/pull/2174
generic_textual CRITICAL https://github.com/frangoteam/FUXA/pull/2174
cvssv4 9.3 https://github.com/frangoteam/FUXA/releases/tag/v1.2.11
generic_textual CRITICAL https://github.com/frangoteam/FUXA/releases/tag/v1.2.11
cvssv4 9.3 https://github.com/frangoteam/FUXA/security/advisories/GHSA-c869-jx4c-q5fc
generic_textual CRITICAL https://github.com/frangoteam/FUXA/security/advisories/GHSA-c869-jx4c-q5fc
cvssv4 9.3 https://nvd.nist.gov/vuln/detail/CVE-2026-25939
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2026-25939
Reference id Reference type URL
https://github.com/frangoteam/FUXA
https://github.com/frangoteam/FUXA/commit/5782b35117a9bd14ffcb881f8dfb8c6680157d9b
https://github.com/frangoteam/FUXA/commit/aced6ad0b6089eea4e5cef51c0a88bf4f308d45f
https://github.com/frangoteam/FUXA/pull/2174
https://github.com/frangoteam/FUXA/releases/tag/v1.2.11
CVE-2026-25939 https://nvd.nist.gov/vuln/detail/CVE-2026-25939
GHSA-c869-jx4c-q5fc https://github.com/advisories/GHSA-c869-jx4c-q5fc
GHSA-c869-jx4c-q5fc https://github.com/frangoteam/FUXA/security/advisories/GHSA-c869-jx4c-q5fc
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H Found at https://github.com/frangoteam/FUXA
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H Found at https://github.com/frangoteam/FUXA/commit/5782b35117a9bd14ffcb881f8dfb8c6680157d9b
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H Found at https://github.com/frangoteam/FUXA/commit/aced6ad0b6089eea4e5cef51c0a88bf4f308d45f
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H Found at https://github.com/frangoteam/FUXA/pull/2174
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H Found at https://github.com/frangoteam/FUXA/releases/tag/v1.2.11
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H Found at https://github.com/frangoteam/FUXA/security/advisories/GHSA-c869-jx4c-q5fc
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H Found at https://nvd.nist.gov/vuln/detail/CVE-2026-25939
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:50:03.309361+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/fuxa-server/CVE-2026-25939.yml 38.6.0