216.73.217.22

CVE-2026-33076

· Published 24/04/2026 03:16 · Modified 24/04/2026 19:17

Labels: CVE-2026-33076 2026-04-24CVE-2026-33076CWE-22[email protected]

Essential information

Published
24/04/2026 03:16
Modified
24/04/2026 19:17
Author
Creator
CVSS
8.9 HIGH (v3) 8.9 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy_section_save interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the issue.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
roxy-wi / roxy-wi cpe:2.3:a:roxy-wi:roxy-wi:<8.2.6.4:*:*:*:*:*:*:*
haproxy / haproxy cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
nginx / nginx cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:*
apache / http server cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
keepalived / keepalived cpe:2.3:a:keepalived:keepalived:*:*:*:*:*:*:*:*

References