FUXA Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in FUXA version 1.2.7, specifically within the project import feature. The application fails to adequately sanitize or sandbox user-provided scripts in imported project files, allowing an attacker to upload a malicious project that executes system commands, potentially leading to a complete system compromise.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where FUXA is running.

Added: Feb 3, 2026, 6:31 PM

Updated: Feb 3, 2026, 6:31 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

2.5

exploitability

5.9

remediation

0.0

relevance

2.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

2.5

exploitability

5.9

remediation

0.0

relevance

2.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

FUXA Remote Code Execution Vulnerability

Vulnerability

Impact

Affected Products

frangoteam FUXA

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating