{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T18:00:27.130","vulnerabilities":[{"cve":{"id":"CVE-2026-22265","sourceIdentifier":"security-advisories@github.com","published":"2026-01-15T17:16:07.670","lastModified":"2026-02-18T17:38:54.830","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py line 87, where the grep parameter is used twice - once sanitized and once raw. This vulnerability is fixed in 8.2.8.2."},{"lang":"es","value":"Roxy-WI es una interfaz web para gestionar servidores Haproxy, Nginx, Apache y Keepalived. Anteriormente a la versión 8.2.8.2, existe una vulnerabilidad de inyección de comandos en la funcionalidad de visualización de registros que permite a usuarios autenticados ejecutar comandos de sistema arbitrarios. La vulnerabilidad se encuentra en app/modules/roxywi/logs.py línea 87, donde el parámetro grep se utiliza dos veces — una vez saneado y otra sin procesar. Esta vulnerabilidad se corrigió en la versión 8.2.8.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:roxy-wi:roxy-wi:*:*:*:*:*:*:*:*","versionEndExcluding":"8.2.8.2","matchCriteriaId":"29779791-CB73-48F7-A0FD-94C543DA082F"}]}]}],"references":[{"url":"https://github.com/roxy-wi/roxy-wi/commit/f040d3338c4ba6f66127487361592e32e0188eee","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/roxy-wi/roxy-wi/releases/tag/v8.2.8.2","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-mmmf-vh7m-rm47","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}