CVE-2026-25939: FUXA Unauthenticated Remote Arbitrary Scheduler Write
An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on actions. The vulnerability affects FUXA versions 1.2.8 through 1.2.10 and is patched in FUXA version 1.2.11.
References
- github.com/advisories/GHSA-c869-jx4c-q5fc
- github.com/frangoteam/FUXA
- github.com/frangoteam/FUXA/commit/aced6ad0b6089eea4e5cef51c0a88bf4f308d45f
- github.com/frangoteam/FUXA/pull/2174
- github.com/frangoteam/FUXA/releases/tag/v1.2.11
- github.com/frangoteam/FUXA/security/advisories/GHSA-c869-jx4c-q5fc
- nvd.nist.gov/vuln/detail/CVE-2026-25939