Authentication Bypass Vulnerability in Roxy-WI Web Interface for Haproxy, Nginx, Apache, and Keepalived
CVE-2026-45567

8.3HIGH

Key Information:

Vendor

Roxy-wi

Status
Vendor
CVE Published:
10 June 2026

What is CVE-2026-45567?

Roxy-WI, a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers, is affected by an authentication bypass vulnerability. This issue arises when an attacker can exploit the presence of the 'api' substring in the URL along with accessing the unauthenticated endpoint /api/gpt. As of the time of this writing, there are no publicly available patches to remediate this vulnerability. Users are advised to review their security policies and consider restricting access to the affected interfaces.

Affected Version(s)

roxy-wi <= 8.2.6.4

References

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.