CVE-2026-27811
Published: 2026-03-18
Priority: P2 (65) · Severity: high · CVSS 3.1 base score: 8.8
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.04% (78.7th percentile)
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the `/config/compare///show` endpoint, which allows authenticated users to execute arbitrary system commands on the app host. The vulnerability is in `app/modules/config/config.py` at line 362, where user input is formatted directly into a template string that is eventually executed. Version 8.2.6.3 fixes the issue.
Affected (1 range)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| roxy-wi | roxy-wi | < 8.2.6.3 | 8.2.6.3 |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to the `/config/compare///show` endpoint for anomalous or shell-metacharacter-containing parameters, which may indicate command injection attempts by authenticated users.
- Audit Roxy-WI instances running versions prior to 8.2.6.3; the vulnerable code path is in `app/modules/config/config.py` at line 362, where user input is unsafely interpolated into a command template string.
- Exploitation requires authentication; this is not an unauthenticated RCE. Detections should account for sessions from legitimate but potentially compromised authenticated accounts.
- The vulnerability is fixed in version 8.2.6.3; only instances running prior versions are affected.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
Wiz: CVE-2026-22265 Impact, Exploitability, and Mitigation Steps (CVSS 7.5, HIGH)
## CVE-2026-22265: Roxy-WI vulnerability analysis and mitigation
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.8.2, a command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in `app/modules/roxywi/logs.py` at line 87, where the grep parameter is used twice: once sanitized and once raw. This vulnerability is fixed in 8.2.8.2.
Source: NVD
- Score: 7.5
- Published: January 15, 2026
- Severity: HIGH
- CNA Score: 7.5
- Affected Technologies: Roxy-WI
- Has Public Exploit: Yes
- Has CISA KEV Exploit: No
- CISA KEV Release Date: N/A
- CISA KEV Due Date: N/A
- Exploitation Probability Percentile (EPSS): 38.9
- Exploitation Probability (EPSS): 0.2
Wiz: CVE-2026-27811 Impact, Exploitability, and Mitigation Steps (CVSS 7.5, HIGH)
## CVE-2026-27811: Roxy-WI vulnerability analysis and mitigation
Vulnerable endpoint: `/config/compare///show`; vulnerable file: `app/modules/config/config.py`
Source: NVD
- Score: 8.8
- Published: March 18, 2026
- Severity: HIGH
- CNA Score: 8.8
- Affected Technologies: Roxy-WI
- Has Public Exploit: Yes
- Has CISA KEV Exploit: No
- CISA KEV Release Date: N/A
- CISA KEV Due Date: N/A
- Exploitation Probability Percentile (EPSS): 77.4
- Exploitation Probability (EPSS): 1
Affected packages and libraries: `cpe:2.3:a:roxy-wi:roxy-wi`
Sources:
- Linux · Severity: HIGH · Has Fix · Added at: Mar 19, 2026
- Linux · Severity: HIGH · Has Fix · Added at: Mar 20, 2026