Web Interface Vulnerability in Roxy-WI for Server Management
CVE-2026-45561
6.5 MEDIUM
What is CVE-2026-45561?
Roxy-WI, a web interface for managing servers such as HAProxy, Nginx, Apache, and Keepalived, contains a security flaw in how it handles specific URL paths. Versions up to 8.2.6.4 allow attackers to manipulate requests through the /smon/agent/{version,uptime,status,checks}/<server_ip> routes. The application processes the path component without adequate validation, so crafted input can be used to exploit it. This could involve directing data to local or private IPs, which poses a significant risk. As of now, no patches are available to mitigate this vulnerability.
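With no patch available, one compensating check is to validate the <server_ip> path component before a request on these routes reaches the application, or to apply the same test when reviewing access logs. The following is an added example, not Roxy-WI code; the function name, the allow-list of registered agents and the sample paths are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Routes named in the advisory; this regex is the example's own, not the project's.
SMON_ROUTE = re.compile(r"^/smon/agent/(version|uptime|status|checks)/([^?#]*)")

# Constructed allow-list: agent addresses the operator has actually registered.
REGISTERED_AGENTS = {ipaddress.ip_address("10.20.0.15")}


def check_smon_request(path, allowed=REGISTERED_AGENTS):
    """Return (verdict, reason); verdict is 'allow', 'deny' or 'n/a'."""
    m = SMON_ROUTE.match(path)
    if not m:
        return ("n/a", "not an smon agent route")
    # Decode once so %2F, %3A and similar cannot hide extra path or port data.
    raw = unquote(m.group(2))
    try:
        # Strict parse: anything that is not a bare IP literal is rejected.
        ip = ipaddress.ip_address(raw)
    except ValueError:
        return ("deny", "path component is not a bare IP literal")
    if ip in allowed:
        return ("allow", "registered agent")
    # Loopback and link-local are tested first because is_private covers them too.
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return ("deny", "local address")
    if ip.is_private:
        return ("deny", "unregistered private address")
    return ("deny", "unregistered address")


if __name__ == "__main__":
    # Constructed request paths, as they might appear in an access log.
    samples = [
        "/smon/agent/status/10.20.0.15",
        "/smon/agent/version/127.0.0.1",
        "/smon/agent/checks/192.168.1.5",
        "/smon/agent/uptime/10.20.0.15%2F..%2Fadmin",
        "/smon/agent/status/10.20.0.15:8080",
    ]
    for p in samples:
        print(p, "->", check_smon_request(p))
```

An address that is not on the allow-list is denied even when it is syntactically valid, so the check does not depend on enumerating every local or private range.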
Affected Version(s)
roxy-wi <= 8.2.6.4
