Description
An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.
Recommendation
Update the fuxa-server package to the latest compatible version. Followings are version details:
- Affected version(s): <= 1.2.9
- Patched version(s): 1.2.10
References
Related Issues
- FUXA Unauthenticated Remote Arbitrary Device Tag Write - CVE-2026-25752
- FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API - CVE-2026-25895
- FUXA Unauthenticated Remote Arbitrary Scheduler Write - CVE-2026-25939
- FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration - CVE-2026-25894
- Tags:
- npm
- fuxa-server
Anything's wrong? Let us know Last updated on February 06, 2026