CVE-2026-33076
CRITICAL WAF: High
CVSS 9.8
Published: 2026-04-24
CWE-22
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy_section_save interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the issue.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| roxy-wi | roxy-wi | up to 8.2.6.4 |
References
- github.com (Patch)
- github.com (Exploit, Vendor Advisory)