CVE-2026-33078 | Roxy-WI up to 8.2.6.4 routes.py haproxy_section_save server_ip sql injection (GHSA-jmj9-2c4q-849j)

A vulnerability was found in Roxy-WI up to 8.2.6.4. It has been declared as critical. This affects the function haproxy_section_save of the file app/routes/config/routes.py. Such manipulation of the argument server_ip leads to sql injection.

This vulnerability is documented as CVE-2026-33078. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More