ByteOS Network

NVD Vulnerability Details :

CVE-2026-22265

Awaiting Analysis

Source-security-advisories@github.com

Published At-15 Jan, 2026 | 17:16

Updated At-16 Jan, 2026 | 15:55

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py line 87, where the grep parameter is used twice - once sanitized and once raw. This vulnerability is fixed in 8.2.8.2.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-78	Primary	security-advisories@github.com

CWE ID: CWE-78

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/roxy-wi/roxy-wi/commit/f040d3338c4ba6f66127487361592e32e0188eee	security-advisories@github.com	N/A
https://github.com/roxy-wi/roxy-wi/releases/tag/v8.2.8.2	security-advisories@github.com	N/A
https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-mmmf-vh7m-rm47	security-advisories@github.com	N/A