Tobychui Zoraxy vulnerabilities
2 known vulnerabilities affecting tobychui/zoraxy.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2026-33529P2HIGHCVSS 8.8fixed in 3.3.22026-03-26
CVE-2026-33529 [HIGH] CWE-22 CVE-2026-33529: Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authe
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Version 3.3.2 patches the issue.
nvd
CVE-2024-52010P3HIGHCVSS 8.6v>= 2.6.1, < 3.1.32024-11-12
CVE-2024-52010 [HIGH] CWE-78 CVE-2024-52010: Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerabilit
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In HandleCreateProxySession
nvd