CVE-2026-33529
Zoraxy (github.com/tobychui/zoraxy) exposes an authenticated path traversal in the configuration import endpoint prior to version 3.3.2. The flaw allows writing arbitrary files outside the config directory, enabling potential remote code execution by creating a plugin. The issue is mitigated in v...