Directory Traversal Flaw in FUXA Software by FrangoTeam
CVE-2026-25951

8.6HIGH

Key Information:

Vendor

Frangoteam

Status
Fuxa
Vendor
CVE Published:
9 February 2026

What is CVE-2026-25951?

FUXA, a web-based process visualization software, is vulnerable due to inadequate sanitization in its path handling logic. This flaw allows authenticated attackers with administrative access to manipulate directory paths using nested traversal sequences. By executing these sequences, attackers can write arbitrary files to critical areas of the server's filesystem, including sensitive directories. If the server processes these malicious scripts, it may lead to remote code execution, posing significant security risks. The issue has been addressed in version 1.2.11.

Affected Version(s)

FUXA < 1.2.11

References

https://github.com/frangoteam/FUXA/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/frangoteam/FUXA/commit/f7a9f04b2ab97ab...
x_refsource_MISC
https://github.com/frangoteam/FUXA/releases/tag/v1.2.11
x_refsource_MISC

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.