FUXA Hard-Coded Credential Vulnerability in JWT Token Management

Vulnerability

A hard-coded credential vulnerability exists in FUXA version 1.2.7 within the JWT token management module. The application uses a fixed secret key to sign and verify JSON Web Tokens, enabling remote attackers to forge valid admin tokens. This exploitation allows them to bypass authentication and gain full administrative access.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized users to gain administrative privileges.

Added: Feb 3, 2026, 6:33 PM

Updated: Feb 3, 2026, 6:33 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

5.0

exploitability

8.1

remediation

0.0

relevance

2.5

threat

3.3

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

5.0

exploitability

8.1

remediation

0.0

relevance

2.5

threat

3.3

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

FUXA Hard-Coded Credential Vulnerability in JWT Token Management

Vulnerability

Impact

Affected Products

frangoteam FUXA

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating