Roxy Wi
CVE-2026-22265
HIGH
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py line 87, where the grep parameter is used twice - once sanitized and once raw. This vulnerability is fixed in 8.2.8.2.
AnalysisAI
Authenticated command injection in Roxy-WI versions prior to 8.2.8.2 enables attackers to execute arbitrary system commands through improper sanitization of the grep parameter in log viewing functionality. Public exploit code exists for this vulnerability, affecting users managing HAProxy, Nginx, Apache, and Keepalived servers through the web interface. A patch is available in version 8.2.8.2 and later.
Technical ContextAI
Classified as CWE-78 (OS Command Injection). Affects the log viewing component of Roxy-Wi. Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py line 87, where the grep parameter is used twice - once sanitized and once raw. This vulnerability is fixed in 8.2.8.2.
RemediationAI
A vendor patch is available — apply it immediately. Fixed in version 8.2.8.2.. Restrict network access to the affected service where possible.
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated critical severity (CVSS 9.8
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Rated critical severity (CVSS 9.8), this
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated critical sever
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated critical sever
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated high severity (CVSS 8.8), t
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Rated high severity (CVSS 7.5),
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Rated high severity (CVSS 7.5),
hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated medium severity (CVS
Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. Rated critical severity (CVSS 9.8), this vulnerability is
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Rated medium severity (CVSS 5.3)
Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py. Rated high severity (CVSS 8.8)
Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_servers. Rated high severity (CVSS 8.8), this vuln
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today