3 matches found
CVE-2026-33431 Roxy-WI Vulnerable to Authenticated Arbitrary File Read via Path Traversal in Config Version Viewer
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config//show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is subsequently opened and it...
CVE-2026-33431
Roxy-WI vulnerability CVE-2026-33431: before 8.2.6.4, the POST /config//show endpoint uses a user-supplied configver to form a local file path, bypassing the path-traversal guard limited to the base directory. An authenticated attacker can supply ../ sequences to read arbitrary files accessible t...
Roxy-WI 安全漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI prior to 8.2.6.4 contained security vulnerabilities. These vulnerabilities stemmed from a path traversal issue with the configver parameter in the POST /config//show API...