CVE-2026-45567

8.3 HIGH

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers

Published: 2026-06-10 · Last updated: 2026-06-10

Severity and scoring

CVSS: 8.3 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CWE: CWE-287, CWE-306, CWE-697

Description

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available patches.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-47166 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.7 MEDIUM)
CVE-2026-46705 — Russh is a Rust SSH client & server library (5.3 MEDIUM)
CVE-2022-48575 — A person with access to a Mac may be able to bypass Login Window (3.5 LOW)
CVE-2026-46612 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (8.8 HIGH)
CVE-2026-20253 — In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthen... (9.8 CRITICAL)