Authentication Bypass Vulnerability in Roxy-WI Web Interface for Haproxy, Nginx, Apache, and Keepalived
CVE-2026-45567
8.3HIGH
What is CVE-2026-45567?
Roxy-WI, a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers, is affected by an authentication bypass vulnerability. This issue arises when an attacker can exploit the presence of the 'api' substring in the URL along with accessing the unauthenticated endpoint /api/gpt. As of the time of this writing, there are no publicly available patches to remediate this vulnerability. Users are advised to review their security policies and consider restricting access to the affected interfaces.
Affected Version(s)
roxy-wi <= 8.2.6.4
