CVE-2026-22265 Roxy-WI has a Command Injection via grep parameter in logs.py allows authenticated RCE

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

PT-2026-3072

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

Roxy-WI 操作系统命令注入漏洞

Roxy-WI is a Roxy-WI open source web interface for managing Haproxy, Nginx and Keepalived servers. An operating system command injection vulnerability exists in Roxy-WI 8.1.3 and earlier versions, which stems from the parameter action/service in the actionservice function of the file...

CVE-2022-31125

CVE-2022-31125: Roxy-WI authentication bypass vulnerability allowing remote, unauthenticated access to admin functionality via a crafted HTTP request. Affected: Roxy-WI before 6.1.1.0. Exploitation exists (exploit-db/poC references). Remediation: upgrade to version 6.1.1.0 or later; exploit examp...