CVE-2026-33208 - Roxy-WI Vulnerable to Authenticated Remote Code Execution via OS Command Injection in find-in-config Endpoint
CVE ID :CVE-2026-33208 Published : April 24, 2026, 3:16 a.m. | 36 minutes ago Description :Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ /find-in-config endpoint in Roxy-WI fails to sanitize the user-supplied word
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Hackers Exploit SS7 and Diameter Flaws to Track Mobile Users Globally
- [CYBER] Ransomware Gang Unveils Custom Data-Theft Tool
- [CYBER] Hackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft Teams
- [CYBER] Tanzania: Dar es Salaam Leads As 518 People Reportedly Dead During Oct 29 Unrest
- [CYBER] Bitwarden CLI Compromised After Malicious GitHub Actions Workflow
- [CYBER] CVE-2026-41316 - ERB has an @_init deserialization guard bypass via def_module / def_method / def_class