PatchSiren cyber security CVE debrief
CVE-2026-45567 roxy-wi CVE debrief
CVE-2026-45567 is a HIGH-severity vulnerability in Roxy-WI, a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. The vulnerability allows for authentication bypass via the 'api' substring in a URL and unauthenticated access to the /api/gpt endpoint. At the time of publication, there are no publicly available patches for this vulnerability.
- Vendor: roxy-wi
- Product: Unknown
- CVSS: HIGH 8.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-10
Who should care
Administrators and users of Roxy-WI versions 8.2.6.4 and prior should be aware of this vulnerability and take necessary precautions to mitigate the risk.
Technical summary
The vulnerability has a CVSS score of 8.3 and is classified as CWE-287, CWE-306, and CWE-697. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L.
Defensive priority
HIGH
Recommended defensive actions
- Review and apply patches as soon as they become available.
- Restrict access to the /api/gpt endpoint.
- Monitor for suspicious activity on the Roxy-WI interface.
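The monitoring and access-restriction actions above can be sketched as a log review. This is an added example, not code from Roxy-WI or the advisory; the access log format, the allowed management range, and all sample paths other than /api/gpt are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: "combined"-style access log from the web server in front of Roxy-WI.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Assumption: placeholder management range that is allowed to reach the API.
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/24")]

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # hostname or malformed client field
        return False
    return any(addr in net for net in ALLOWED_NETS)

def classify(line):
    """Return (label, ip, target, status) for a line worth reviewing, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, target, status = m["ip"], m["target"], int(m["status"])
    path = urlsplit(target).path.lower()
    if path == "/api/gpt" or path.startswith("/api/gpt/"):
        # The endpoint the advisory describes as reachable without authentication.
        return None if is_trusted(ip) else ("api-gpt-from-untrusted-source", ip, target, status)
    in_api_tree = path == "/api" or path.startswith("/api/")
    if not in_api_tree and "api" in target.lower() and 200 <= status < 300:
        # 'api' appears in the URL of a non-API route that was served successfully.
        return ("api-substring-outside-api-path", ip, target, status)
    return None

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '10.0.0.5 - - [10/Jun/2026:12:00:01 +0000] "GET /api/gpt HTTP/1.1" 200 512 "-" "curl/8.5"',
    '203.0.113.9 - - [10/Jun/2026:12:00:02 +0000] "GET /api/gpt HTTP/1.1" 200 512 "-" "curl/8.5"',
    '203.0.113.9 - - [10/Jun/2026:12:00:03 +0000] "GET /example/page?ref=api HTTP/1.1" 200 2048 "-" "curl/8.5"',
    '198.51.100.7 - - [10/Jun/2026:12:00:04 +0000] "GET /example/page HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2026:12:00:05 +0000] "GET /example/page?ref=api HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The substring rule will also match legitimate URLs that happen to contain "api", so treat its findings as leads for triage rather than confirmed bypasses.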
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4].
Official resources
- CVE-2026-45567 CVE record (CVE.org)
- CVE-2026-45567 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-45567 was published on 2026-06-10T16:17:07.957Z and modified on 2026-06-10T19:37:41.437Z.