CVE-2026-33529 Common Vulnerabilities and Exposures

Upstream information

CVE-2026-33529 at MITRE

Description

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Version 3.3.2 patches the issue.

SUSE information

Overall state of this security issue: Does not affect SUSE products

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

SUSE-SU-2026:1135-1, published 2026-03-27T17:33:53Z

List of released packages

Product(s)	Fixed package version(s)	References

SUSE Timeline for this CVE

CVE page created: Thu Mar 26 22:33:06 2026
CVE page last modified: Fri May 8 12:08:55 2026