CVE-2026-33077

Published: Apr 24, 2026

Modified: Apr 25, 2026

PUBLISHED

Description

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue.

Vendor	Product	Versions
roxy-wi	roxy-wi	affected `< 8.2.6.4`

Weaknesses (CWE)

CWE-22

References

https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-c799-4ww6-q93w

x_refsource_CONFIRM

https://github.com/roxy-wi/roxy-wi/commit/aecc7971959092fa93e93531f1ffcde33524b031

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-33077

Description

Affected Products

Weaknesses (CWE)

References