{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33077", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T19:27:06.344Z", "datePublished": "2026-04-24T01:55:43.957Z", "dateUpdated": "2026-04-25T01:43:15.709Z"}, "containers": {"cna": {"title": "Roxy-WI has an arbitrary file read vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-c799-4ww6-q93w", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-c799-4ww6-q93w"}, {"name": "https://github.com/roxy-wi/roxy-wi/commit/aecc7971959092fa93e93531f1ffcde33524b031", "tags": ["x_refsource_MISC"], "url": "https://github.com/roxy-wi/roxy-wi/commit/aecc7971959092fa93e93531f1ffcde33524b031"}], "affected": [{"vendor": "roxy-wi", "product": "roxy-wi", "versions": [{"version": "< 8.2.6.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T01:55:43.957Z"}, "descriptions": [{"lang": "en", "value": "Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue."}], "source": {"advisory": "GHSA-c799-4ww6-q93w", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-c799-4ww6-q93w", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-25T01:43:08.491834Z", "id": "CVE-2026-33077", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-25T01:43:15.709Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33077", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-25T01:43:08.491834Z"}}}], "references": [{"url": "https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-c799-4ww6-q93w", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-25T01:42:41.692Z"}}], "cna": {"title": "Roxy-WI has an arbitrary file read vulnerability", "source": {"advisory": "GHSA-c799-4ww6-q93w", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "roxy-wi", "product": "roxy-wi", "versions": [{"status": "affected", "version": "< 8.2.6.4"}]}], "references": [{"url": "https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-c799-4ww6-q93w", "name": "https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-c799-4ww6-q93w", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/roxy-wi/roxy-wi/commit/aecc7971959092fa93e93531f1ffcde33524b031", "name": "https://github.com/roxy-wi/roxy-wi/commit/aecc7971959092fa93e93531f1ffcde33524b031", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T01:55:43.957Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33077", "state": "PUBLISHED", "dateUpdated": "2026-04-25T01:43:15.709Z", "dateReserved": "2026-03-17T19:27:06.344Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-24T01:55:43.957Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:roxy-wi:roxy-wi:*:*:*:*:*:*:*:*", "matchCriteriaId": "C493C2DE-0B9D-48E1-BEDA-9ECBE24DB508", "versionEndExcluding": "8.2.6.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue."}], "id": "CVE-2026-33077", "lastModified": "2026-04-27T15:04:44.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-24T03:16:10.477", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/roxy-wi/roxy-wi/commit/aecc7971959092fa93e93531f1ffcde33524b031"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-c799-4ww6-q93w"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-c799-4ww6-q93w"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,8.2.6.4)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "roxy-wi", "source": "cna", "vendor": "roxy-wi"}, "product": "roxy-wi", "vendor": "roxy-wi"}], "analysis": {"en": {"generated_at": "2026-04-28T14:28:08.669528+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch by upgrading Roxy\u2011WI to version 8.2.6.4 or later, which removes the legacy \"oldconfig\" parameter. ", "Restrict the haproxy_section_save endpoint so that only authenticated administrative users can access it, and disable or remove the \"oldconfig\" functionality if possible to prevent unintended file reads. ", "Implement monitoring on Roxy\u2011WI logs to generate alerts for any unexpected file read attempts involving the oldconfig parameter, and investigate such events promptly."], "summary": {"action": "Patch Now", "impact": "Arbitrary File Read"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all Roxy\u2011WI installations running versions earlier than 8.2.6.4; administrators should verify their current release and upgrade if necessary.", "description_and_impact": "Roxy\u2011WI allows an arbitrary file read through the \"oldconfig\" parameter of the haproxy_section_save endpoint, enabling attackers to read any local file on the host and potentially expose sensitive configuration, credentials, or other privileged data. This remote file disclosure flaw is defined as CWE\u201122 and has a CVSS score of 7.7, indicating high severity for data exposure.", "risk_and_exploitability": "The EPSS score of less than 1% and absence from the CISA KEV catalog indicate a low probability of active exploitation, yet the high CVSS rating means that successful exploitation would give an attacker read access to arbitrary files. The likely attack vector is via the web interface, requiring access to the haproxy_section_save route; compromise of administrative credentials or exposure of the interface would enable exploitation."}}}}, "created": "2026-04-28T04:00:05.166427+00:00", "updated": "2026-04-28T14:30:33.772295+00:00", "vendors": ["roxy-wi", "roxy-wi$PRODUCT$roxy-wi"]}