CVE-2026-33529 Zoraxy — Exploit & Vulnerability Details LOW

CVE-2026-33529

LOW CVSS 3.1: 3.3 EPSS 0.06%

Parameter	Value
CVSS	3.3 (LOW)
Type	CWE-22 (Path Traversal)
Vendor	Zoraxy
Public PoC	No

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Version 3.3.2 patches the issue.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-22 Path Traversal

References 3

https://github.com/tobychui/zoraxy/commit/69ac755aeec5d15ba4c62099f7f1ed77a855b…

security-advisories@github.com

https://github.com/tobychui/zoraxy/releases/tag/v3.3.2

security-advisories@github.com

https://github.com/tobychui/zoraxy/security/advisories/GHSA-7pq3-326h-f8q9

security-advisories@github.com

Share Post Share Share Share

Menu

CVE-2026-33529

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 3

CVE Details

Editor's Choice

Menu

CVE-2026-33529

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 3

CVE Details

Editor's Choice

Stay informed on cybersecurity