CVE-2026-33076

· NIST NVD ↗

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy_section_save interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the issue.

CRITICAL
CVSS severity
9.8
CVSS base score
2026-04-24
Published

CWE codes

CWE-22

Affected products

roxy-wi:roxy-wi

Sources