Publish GHSA-68m5-5w2h-h837

Author: advisory-database[bot]

advisories/github-reviewed/2026/02/GHSA-68m5-5w2h-h837/GHSA-68m5-5w2h-h837.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-68m5-5w2h-h837",
-  "modified": "2026-02-10T02:57:28Z",
+  "modified": "2026-02-10T14:18:49Z",
   "published": "2026-02-10T00:29:00Z",
   "aliases": [
     "CVE-2026-25951"
   ],
   "summary": "FUXA Affected by a Path Traversal Sanitization Bypass",
-  "details": "### Summary\nA flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. It is a new vulnerability a patch bypass for the sanitization in the last release .\n\n\n### Details\nThis report describes a new, distinct vulnerability that differs from previous Path Traversal advisories (such as CVE-2023-31718) in several ways:\n\nPatch Bypass (Regression): The vulnerability circumvents the existing sanitization logic implemented to fix previous traversal issues. The current \"single-pass\" regex approach is insufficient against nested sequences.\nExpansion of Scope: Unlike previous reports that focused primarily on /api/download, this bypass affects multiple critical endpoints, including /api/upload, /api/resources/remove, and /api/logs.\nEscalation to RCE: By targeting the \nupload\n and remove functionalities, this vulnerability directly leads to Remote Code Execution, which is a higher impact than the information disclosure typically associated with previous traversal reports.\n\n\n### Impact\nRemote Code Execution (RCE): Transition from application admin to full system control.\nSCADA Operational Disruption: Potential for physical or operational sabotage by manipulating tags and alarms.\nData Integrity & Availability: Full access to projects, credentials, and historical logs.",
+  "details": "### Summary\nA flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. It is a new vulnerability a patch bypass for the sanitization in the last release .\n\n\n### Details\nThis report describes a new, distinct vulnerability that differs from previous Path Traversal advisories (such as CVE-2023-31718) in several ways:\n\nPatch Bypass (Regression): The vulnerability circumvents the existing sanitization logic implemented to fix previous traversal issues. The current \"single-pass\" regex approach is insufficient against nested sequences.\nExpansion of Scope: Unlike previous reports that focused primarily on /api/download, this bypass affects multiple critical endpoints, including /api/upload, /api/resources/remove, and /api/logs.\nEscalation to RCE: By targeting the \nupload\n and remove functionalities, this vulnerability directly leads to Remote Code Execution, which is a higher impact than the information disclosure typically associated with previous traversal reports.\n\n\n### Impact\nRemote Code Execution (RCE): Transition from application admin to full system control.\nSCADA Operational Disruption: Potential for physical or operational sabotage by manipulating tags and alarms.\nData Integrity & Availability: Full access to projects, credentials, and historical logs.\n\n### Patches\n\nThis issue has been patched in FUXA version 1.2.11. Users are strongly encouraged to update to the latest available release.",
   "severity": [
     {
       "type": "CVSS_V4",