CVE-2026-33077

· NIST NVD ↗

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue.

HIGH
CVSS severity
7.5
CVSS base score
2026-04-24
Published

CWE codes

CWE-22

Affected products

roxy-wi:roxy-wi

Sources