2 matches found
CVE-2026-33208
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ /find-in-config endpoint in Roxy-WI fails to sanitize the user-supplied words parameter before embedding it into a shell command string that is subsequently executed on a...
CVE-2026-33076
Roxy-WI is vulnerable in the haproxy_section_save interface prior to version 8.2.6.4. The issue is a path traversal that can write into scheduled tasks, enabling remote code execution. Version 8.2.6.4 fixes the issue. (Exploitation details are not provided in the documents.)