PT-2026-34833 · Roxy-Wi · Roxy-Wi

Firebasky

Published

2026-04-24

Updated

2026-04-25

CVE-2026-33076

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Roxy-WI versions prior to 8.2.6.4

Description The 'haproxy section save' interface allows remote code execution. This is possible through path traversal, which enables writing into scheduled tasks.

Recommendations Update to version 8.2.6.4.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2026-33076

Affected Products

Roxy-Wi

PT-2026-34833 · Roxy-Wi · Roxy-Wi

CVE-2026-33076

Weakness Enumeration

Related Identifiers

Affected Products

References · 4