ByteOS Network

NVD Vulnerability Details :

CVE-2026-45563

Deferred

Source-security-advisories@github.com

Published At-10 Jun, 2026 | 15:16

Updated At-10 Jun, 2026 | 19:37

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history/<service>/<server_ip> re-uses the server_ip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group — can list any other user's full action audit trail (server IPs touched, configs deployed, services restarted). At time of publication, there are no publicly available patches.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-639	Secondary	security-advisories@github.com
CWE-863	Secondary	security-advisories@github.com

CWE ID: CWE-639

Type: Secondary

Source: security-advisories@github.com

CWE ID: CWE-863

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-wcmc-cjmw-54x9	security-advisories@github.com	N/A
https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-wcmc-cjmw-54x9	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A

Hyperlink: https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-wcmc-cjmw-54x9

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-wcmc-cjmw-54x9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History