Vulnerabilities ›

CVE-2026-33077

High ⚡ Exploit Available

CWE-22 — Weakness Type

                    Published: Apr 25, 2026                      ·  Modified: Apr 30, 2026                      ·  Source: CIRCL                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue.

🤖 AI Executive Summary

Roxy-WI versions prior to 8.2.6.4 contain an arbitrary file read vulnerability in the oldconfig parameter of the haproxy_section_save interface, allowing attackers to read sensitive files. This vulnerability affects organizations managing HAProxy, Nginx, Apache, and Keepalived servers through the Roxy-WI web interface.

📄 Description (Arabic)

تحتوي نسخ Roxy-WI السابقة للإصدار 8.2.6.4 على ثغرة قراءة ملفات تعسفية في معامل oldconfig بواسطة واجهة haproxy_section_save. تسمح هذه الثغرة للمهاجمين بقراءة ملفات حساسة من النظام بما في ذلك ملفات الإعدادات والمفاتيح الخاصة. يؤثر هذا على المؤسسات التي تدير خوادم HAProxy و Nginx و Apache و Keepalived.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 3, 2026 13:17

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom energy government banking

🎯 MITRE ATT&CK Techniques

T1083 T1552 T1190

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade Roxy-WI to version 8.2.6.4 or later immediately. Implement strict input validation and path traversal protections on the oldconfig parameter. Restrict access to the haproxy_section_save interface using network-level controls and authentication mechanisms. Review access logs for suspicious file read attempts.

🔧 خطوات المعالجة (العربية)

قم بترقية Roxy-WI إلى الإصدار 8.2.6.4 أو أحدث فوراً. طبق التحقق الصارم من المدخلات وحماية من هجمات traversal على معامل oldconfig. قيد الوصول إلى واجهة haproxy_section_save باستخدام عناصر التحكم على مستوى الشبكة وآليات المصادقة. راجع سجلات الوصول للكشف عن محاولات قراءة ملفات مريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1.1 A.7.1.2 A.12.2.1

🔵 SAMA CSF

ID.RA-1 PR.AC-1 PR.AC-6

🟡 ISO 27001:2022

A.6.1.1 A.13.1.1 A.13.1.3

🔗 References & Sources 3

🔗

https://github.com/roxy-wi/roxy-wi/commit/aecc7971959092fa93e93531f1ffcde33524b031

security-advisories@github.com

Patch

🔗

https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-c799-4ww6-q93w

security-advisories@github.com

Exploit Vendor Advisory

🔗

https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-c799-4ww6-q93w

134c704f-9b21-4f2e-91b3-4a467353bcc0

Exploit Vendor Advisory

📦 Affected Products / CPE 1 entries

roxy-wi:roxy-wi

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-22

EPSS0.06%

Exploit ✓ Yes

Patch ✗ No

Published 2026-04-25

Source Feed circl

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏢 Vendor Advisories

🔗 https://github.com/roxy-wi/roxy-wi/security/advisori... 🔗 https://github.com/roxy-wi/roxy-wi/security/advisori...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-33077

💬 Comments

Introduce Yourself

Sign In Required