cvedb.io
CVE-2026-33529
LOW · CVSS 3.3
EPSS exploitation probability: 0%
Published 2026-03-26T20:16:15.070 · Last modified 2026-06-17T10:37:39.547

Summary

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Version 3.3.2 patches the issue.

Affected products

zoraxy — zoraxy

Does this affect you?

Add your gear to cvedb and we'll alert you only when zoraxy ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.