VDB

TNCVE-2026-33529

TNCVE-2026-33529 PUBLISHED

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Version 3.3.2 patches the issue.

Timeline

  • Mar 26, 2026 CVE Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›