
Nginx CVE-2026-45564

EUVD-2026-36044 · HIGH
OS Command Injection (CWE-78)
2026-06-10 · GitHub_M
8.8 · CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated
Jun 10, 2026 - 15:17 vuln.today
CVE Published
Jun 10, 2026 - 14:04 nvd

Description (NVD)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions/<service>/<server_ip>/<configver>/save interpolates the URL-path configver parameter directly into a config-version path that ends up at os.system(f"dos2unix -q {cfg}"). configver is not run through EscapedString (Pydantic doesn't validate path segments declared as str) and the surrounding .. block is the broken tuple-membership patch from GHSA-vapt-004. An authenticated user with role <= 3 ("user") therefore reaches a bin/sh -c command-injection sink. At time of publication, there are no publicly available patches.

Analysis (AI)

Authenticated command injection in Roxy-WI versions 8.2.6.4 and prior allows low-privileged users (role <= 3, 'user') to execute arbitrary OS commands by abusing the configver URL-path parameter on POST /config/versions/<service>/<server_ip>/<configver>/save, which flows unsanitized into an os.system() call wrapping dos2unix. No public exploit identified at time of analysis, but the GHSA advisory is published and no vendor patch exists, leaving exposed instances at immediate risk of full compromise of the management interface host.


Recommended Action (AI)

Within 24 hours: Inventory all Roxy-WI deployments, confirm installed versions, and audit access logs for POST requests to /config/versions endpoints. …
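The sink described above is a path segment interpolated into an os.system() shell string; the two defensive pieces a practitioner wants are a strict allowlist on that segment before it reaches any command, and a log audit that applies the same allowlist to the configver segment of POST .../save requests. The following is an added example, not Roxy-WI code: the config directory, handler shape, Combined Log Format and sample log lines are all constructed assumptions.

```python
"""Hardened configver handling and a matching access-log audit (added example)."""
import os
import re
from typing import Iterable, List
from urllib.parse import unquote

# Allowlist for the configver path segment: one plain filename component, so
# the value can neither traverse out of the config directory nor carry shell
# metacharacters into a command line.
CONFIGVER_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def is_safe_configver(configver: str) -> bool:
    """True only for tokens that match the allowlist and are not '.' or '..'."""
    return bool(CONFIGVER_RE.match(configver)) and configver not in (".", "..")


def build_dos2unix_argv(cfg_dir: str, configver: str) -> List[str]:
    """Return the dos2unix call as an argv list for subprocess.run(shell=False).

    Replaces os.system(f"dos2unix -q {cfg}"): no shell is involved, the path is
    a single argument, and a bad token is rejected before it is used at all.
    """
    if not is_safe_configver(configver):
        raise ValueError("configver must be a plain version token")
    return ["dos2unix", "-q", os.path.join(cfg_dir, configver)]


# Request line of a Combined Log Format entry for the save route (assumed format).
SAVE_ROUTE_RE = re.compile(r'"POST /config/versions/[^/ ]+/[^/ ]+/([^/ ]+)/save\b')


def audit_access_log(lines: Iterable[str]) -> List[str]:
    """Return raw configver segments of save requests that fail the allowlist."""
    flagged = []
    for line in lines:
        m = SAVE_ROUTE_RE.search(line)
        if m and not is_safe_configver(unquote(m.group(1))):
            flagged.append(m.group(1))
    return flagged


# Constructed sample entries: one normal save, two an auditor should review.
SAMPLE_LOG = [
    '10.0.0.9 - alice [10/Jun/2026:14:04:00 +0000] "POST /config/versions/nginx/10.0.0.5/1749563040/save HTTP/1.1" 200 512',
    '10.0.0.9 - alice [10/Jun/2026:14:05:10 +0000] "POST /config/versions/nginx/10.0.0.5/1749563040%20x/save HTTP/1.1" 200 512',
    '10.0.0.9 - alice [10/Jun/2026:14:06:30 +0000] "POST /config/versions/haproxy/10.0.0.6/../save HTTP/1.1" 404 153',
]
```

Run the same allowlist at the handler and over the access log so a rejected request and a flagged log entry mean exactly the same thing.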


CVE-2026-45564 vulnerability details – vuln.today
