CNNVD-202601-2587 Information

CNNVD ID

CNNVD-202601-2587

Related CVE

CVE-2026-22265

• CNNVD Published: 2026-01-15

Description (Chinese)

Roxy-WI是Roxy-WI开源的一款用于管理 Haproxy、Nginx 和 Keepalived 服务器的 Web 界面。 Roxy-WI 8.2.8.2之前版本存在操作系统命令注入漏洞，该漏洞源于日志查看功能存在命令注入，可能导致执行任意系统命令。

Description (English)

Roxy-WI is a web interface for running Haproxy, Nginx and Keepalived servers. Prior to the Roxy-WI 8.2.8.2, there was a gap in the operating system command, which resulted from the log viewing function of the order injection, which could lead to the execution of arbitrary system orders.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

Roxy-WI

Published

2026-01-15

Last Modified

2026-02-24

References

https://github.com/roxy-wi/roxy-wi/commit/f040d3338c4ba6f66127487361592e32e0188eee https://github.com/roxy-wi/roxy-wi/releases/tag/v8.2.8.2 https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-mmmf-vh7m-rm47

Patch

https://github.com/roxy-wi/roxy-wi/releases