CVE-2026-33076

Vulnerability Description

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy_section_save interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the issue.

Vulnerability Details

Published Date

April 24, 2026

Last Modified

April 24, 2026

CWE ID

CWE-22

Source

NVD

Vendor

roxy-wi

Product

roxy-wi

External References

https://github.com/roxy-wi/roxy-wi/commit/aecc7971959092fa93e93531f1ffcde33524b031
https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-mmgm-p9x9-h33j

CVE-2026-33076

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment