CVE-2026-33078
Roxy-WI prior to version 8.2.6.4 contains a SQL injection in the haproxy_section_save endpoint (app/routes/config/routes.py). The server_ip parameter, sourced from the URL path, is passed unsanitized through multiple calls and interpolated into a SQL query string using Python string formatting, e...