216.73.217.86

CVE-2026-33077

· Published 24/04/2026 03:16 · Modified 25/04/2026 02:16

Labels: CVE-2026-33077 2026-04-24CVE-2026-33077CWE-22[email protected]

Essential information

Published
24/04/2026 03:16
Modified
25/04/2026 02:16
Author
Creator
CVSS
7.7 HIGH (v3) 7.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
roxy-wi / roxy-wi cpe:2.3:a:roxy-wi:roxy-wi:*:*:*:*:*:*:*:*
haproxy / haproxy cpe:2.3:a:haproxy:haproxy:<8.2.6.4:*:*:*:*:*:*:*
nginx / nginx cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:*
apache / http server cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
keepalived / keepalived cpe:2.3:a:keepalived:keepalived:*:*:*:*:*:*:*:*

References