Github.Com Tobychui Zoraxy vulnerabilities
2 known vulnerabilities affecting github.com/tobychui_zoraxy.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1LOW1
Vulnerabilities
Page 1 of 1
CVE-2026-33529P2LOW≥ 0, < 3.3.22026-03-25
CVE-2026-33529 [LOW] CWE-22 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE
Zoraxy: Authenticated Path Traversal in Config Import leads to RCE
# Authenticated Path Traversal to RCE via Configuration Import
## Summary
An authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin.
## Details
The vulnerable endpoint is `POST /api
ghsaosv
CVE-2024-52010P3HIGH≥ 2.6.1, < 3.1.32024-11-12
CVE-2024-52010 [HIGH] CWE-78 Zoraxy has an authenticated command injection in the Web SSH feature
Zoraxy has an authenticated command injection in the Web SSH feature
### Summary
A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host.
### Details
Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers.
In [`HandleCreateProxySession`](https://github.co
ghsaosv