Skip to content
CVSS 7.5 · HIGH

CVE-2026-33077

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue.

View on NVD

Analysis

Roxy-WI is a specialized management interface for critical infrastructure like HAProxy, Nginx, and Apache. A path traversal vulnerability in a configuration management tool is high-impact because it can lead to the exposure of SSL keys, system credentials, and configuration secrets.

Severity

Score: 7.5(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: NONE
A: NONE
Weakness (CWE): CWE-22

EPSS

Probability of exploitation (next 30 days): 0.0006 (0.1%)
Percentile: 18.2%
EPSS: 2026-05-06

Affects

roxy-wi:roxy-wi

Technical description

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue.

Published: 4/24/2026, 3:16:10 AM
Last modified: 4/27/2026, 3:04:44 PM

References

HomeEventsBlogResourcesTeam