CVE-2024-43804
Published 2024-08-29
Priority: P2 (62, high) · CVSS 3.1 score 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.54% (83.0th percentile)
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. An OS Command Injection vulnerability allows any authenticated user of the application to execute arbitrary code on the web application server via the port scanning functionality. User-supplied input is used without validation when constructing and executing an OS command. User-supplied JSON POST data is parsed and, if the "id" JSON key does not exist, the JSON value supplied via the "ip" JSON key is assigned to the "ip" variable. Later on, the "ip" variable, which can be controlled by the attacker, is used when constructing the cmd and cmd1 strings without any extra validation. Then, the server_mod.subprocess_execute function is called on both cmd1 and cmd2. When the definition of the server_mod.subprocess_execute() function is analyzed, it can be seen that subprocess.Popen() is called on the input parameter with shell=True, which results in OS Command Injection. This issue has not yet been patched. Users are advised to contact Roxy-WI to coordinate a fix.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| roxy-wi | roxy-wi | <= 8.0 | — |
| roxy-wi | roxy-wi | — | — |
Detection & IOCs (extracted from sources)
- OS Command Injection via the 'ip' JSON key in a POST request to the port scanning functionality; the user-supplied value is passed unsanitized into a shell command constructed as the cmd/cmd1 strings, then executed via subprocess.Popen() with shell=True.
- The sink is subprocess.Popen() called with shell=True on attacker-controlled input; monitor for anomalous child processes spawned by the Roxy-WI web application process.
- Any authenticated user can trigger the vulnerability; alert on authenticated POST requests to the port scanning endpoint containing an 'ip' JSON key with shell metacharacters (e.g., ;, |, $(), backticks).
- No patch was available at time of disclosure; users were advised to contact Roxy-WI to coordinate a fix.
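The two fixes a maintainer would apply to the flaw described above, plus the request-level check the detection bullet suggests, as an added example that is not Roxy-WI's own code: the 'ip' value is accepted only if it parses as an IP literal, the command is built as an argv list so no shell ever sees it, and a helper flags POST bodies matching the vulnerable shape (no "id" key, "ip" with shell metacharacters). The `nmap` invocation is an assumption, since the page does not give the contents of cmd/cmd1.

```python
import ipaddress
import json
import re
import subprocess

# Metacharacters listed in the detection note above (plus redirects and newlines).
SHELL_META = re.compile(r"[;|&`$()<>\n]")


def validate_ip(value: str) -> str:
    """Return the normalised address, or raise ValueError if it is not an IP literal.
    This is the validation the advisory says is missing before the command is built."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError as exc:
        raise ValueError(f"not an IP address: {value!r}") from exc


def build_scan_argv(ip: str, ports: str = "1-1024") -> list:
    """Build the scanner command as an argv list. The real Roxy-WI command string is
    not shown on the page; 'nmap' is an assumed stand-in for whatever cmd/cmd1 ran."""
    return ["nmap", "-p", ports, validate_ip(ip)]


def run_scan(ip: str) -> subprocess.CompletedProcess:
    # shell=False (the default): the address is a single argv element and is never
    # parsed by /bin/sh, so metacharacters cannot split or chain commands.
    return subprocess.run(build_scan_argv(ip), capture_output=True, text=True, check=False)


def suspicious_request(body: str) -> bool:
    """Detection helper: True for a JSON body with no 'id' key whose 'ip' value
    contains shell metacharacters or is not a valid IP literal."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return False
    if not isinstance(data, dict) or "id" in data:
        return False  # with "id" present the 'ip' key is not used, per the description
    ip = data.get("ip")
    if not isinstance(ip, str):
        return False
    if SHELL_META.search(ip):
        return True
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return True
    return False


# Constructed sample bodies (not taken from the page) for exercising the helper.
SAMPLE_BENIGN = '{"ip": "10.0.0.5"}'
SAMPLE_SUSPICIOUS = '{"ip": "10.0.0.5; hostname"}'
```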
CVSS provenance
- nvd: v3.1 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- vendor_oracle: 8.1 MEDIUM
No detection rules found.
No public exploits indexed.
## Related: CVE-2026-22265 (Wiz vulnerability analysis and mitigation, CVSS 7.5 HIGH)
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, a command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py line 87, where the grep parameter is used twice: once sanitized and once raw. This vulnerability is fixed in 8.2.8.2.
Source: NVD
Score: 7.5 (CNA score 7.5), severity HIGH, published January 15, 2026
Affected technologies: Roxy-WI
Public exploit: yes · CISA KEV: no (release date N/A, due date N/A)
EPSS: 0.2 (38.9th percentile)
## Related: CVE-2026-27811 (Wiz vulnerability analysis and mitigation, listed at CVSS 7.5)
/config/compare///show
app/modules/config/config.py
Source: NVD
Score: 8.8 (CNA score 8.8), severity HIGH, published March 18, 2026
Affected technologies: Roxy-WI
Public exploit: yes · CISA KEV: no (release date N/A, due date N/A)
EPSS: 1 (77.4th percentile)
Affected packages and libraries: cpe:2.3:a:roxy-wi:roxy-wi
Sources:
- Linux, severity HIGH, has fix, added Mar 19, 2026
- Linux, severity HIGH, has fix, added Mar 20, 2026