CVE-2026-25751: FUXA Unauthenticated Exposure of Plaintext Database Credentials

February 5, 2026 (updated February 6, 2026)

An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.

References

github.com/advisories/GHSA-c5gq-4h56-4mmx
github.com/frangoteam/FUXA
github.com/frangoteam/FUXA/commit/c6c4cba1a62545e8e3ae0f43b2269e61209fbee8
github.com/frangoteam/FUXA/releases/tag/v1.2.10
github.com/frangoteam/FUXA/security/advisories/GHSA-c5gq-4h56-4mmx
nvd.nist.gov/vuln/detail/CVE-2026-25751

Code Behaviors & Features

Detect and mitigate CVE-2026-25751 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →