GHSA-ggxw-g3cp-mgf8: FUXA Unauthenticated Remote Arbitrary Device Tag Write

February 5, 2026

Description An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.

References

github.com/advisories/GHSA-ggxw-g3cp-mgf8
github.com/frangoteam/FUXA
github.com/frangoteam/FUXA/commit/eb2d8a20964ce7acaa0f442a181390a5f726a1ae
github.com/frangoteam/FUXA/security/advisories/GHSA-ggxw-g3cp-mgf8

Code Behaviors & Features

Detect and mitigate GHSA-ggxw-g3cp-mgf8 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →