CVSS 7.5 · HIGH

CVE-2026-33077

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue.

Analysis

Roxy-WI, a web interface for managing load balancers like HAProxy and Nginx, contains an arbitrary file read vulnerability in the haproxy_section_save interface. Attackers could potentially read sensitive configuration or system files by exploiting the oldconfig parameter.

Severity

Score: 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: NONE
A: NONE
Weakness type (CWE): CWE-22

EPSS

Exploitation probability (next 30 days): 0.0006 (0.1%)
Percentile: 18.2%
EPSS: 2026-05-06

Affects

roxy-wi:roxy-wi

Published: 24/4/2026, 3:16:10
Last modified: 27/4/2026, 15:04:44
