PT-2026-34834 · Roxy-Wi · Roxy-Wi

Firebasky

Published

2026-04-24

Updated

2026-04-25

CVE-2026-33077

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Roxy-WI versions prior to 8.2.6.4

Description An arbitrary file read issue exists in the 'haproxy section save' interface via the oldconfig parameter. This allows an attacker to read files from the server that they should not have access to.

Recommendations Update to version 8.2.6.4. As a temporary workaround, restrict access to the 'haproxy section save' interface or avoid using the oldconfig parameter.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2026-33077

Affected Products

Roxy-Wi

PT-2026-34834 · Roxy-Wi · Roxy-Wi

CVE-2026-33077

Weakness Enumeration

Related Identifiers

Affected Products

References · 4