CVE-2026-33431

EPSS -
Veröffentlicht 20.04.2026 20:24:15
Zuletzt bearbeitet 20.04.2026 21:16:34
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config/<service>/show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is subsequently opened and its contents returned to the caller. The existing path traversal guard only inspects the base directory variable (which is never user-controlled) and entirely ignores the user-supplied configver value. An authenticated attacker can supply a configver value containing `../` sequences to escape the intended directory and read arbitrary files accessible to the web application process. Version 8.2.6.4 contains a patch for the issue.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerroxy-wi

≫

Produkt roxy-wi

Version < 8.2.6.4

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-24 Path Traversal: '../filedir'

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.

https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-w3c9-36jf-qrw4

https://github.com/roxy-wi/roxy-wi/commit/d4d100067dd0ee04317f05d3b51be8fcfdc3f802

https://nvd.nist.gov/vuln/detail/CVE-2026-33431

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33431

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33431

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33431