HomeCVE Intelligence › CVE-2026-47719
CVSS 8.2 HIGH Vulnerability

CVE-2026-47719: FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with r…

Summary An unauthenticated attacker (Alice) connects to FUXA's Socket.IO endpoint and emits a device-webapi-request event whose property.address field names an arbitrary URL. FUXA's DEVICE_WEBAPI_REQUEST handler at serv…

8.2CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-47719
Vendornpm
Affected Productfuxa-server
Vulnerability TypeVulnerability
CVSS Score8.2 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

#

Summary An unauthenticated attacker (Alice) connects to FUXA's Socket.IO endpoint and emits a device-webapi-request event whose property.address field names an arbitrary URL. FUXA's DEVICE_WEBAPI_REQUEST handler at server/runtime/index.js:296 calls axios.get(address) server-side and broadcasts the full response body back on the same event via io.emit. The companion handler DEVICE_PROPERTY at server/runtime/index.js:153 has the same miss against OPC UA and ODBC endpoints. Both handlers skip the isSocketWriteAuthorized() check that the other write-capable events (DEVICE_VALUES at line 182, DEVICE_ENABLE at line 358) call. Alice reads cloud instance metadata, scans internal services, and connects to any OPC UA server or ODBC database the FUXA host can reach, then rece

🎯 Known Indicators of Compromise

{"type":"domain","value":"socket.io","confidence_score":0.75,"first_seen":"2026-06-09","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-47719 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence