External Control of File Name or Path in Roxy-WI - CVE-2026-45556

Published: May 16, 2026


Vulnerability identifier: #VU131609
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-45556
CWE-ID: CWE-73
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Roxy-WI
Affected software: Roxy-WI

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to external control of file name or path in the POST /waf///rule//save endpoint when handling a crafted config_file_name value during WAF rule save operations. A remote user can send a specially crafted request to execute arbitrary code.

Because the file name is taken from the request, the flaw lets the caller write attacker-controlled file contents to arbitrary paths on every load balancer managed within the caller's group, and the written file may subsequently be executed as root by downstream system components such as cron.
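The following is an added example, not Roxy-WI's code and not the vendor's patch, of the mitigation a CWE-73 finding of this kind calls for: a user-supplied config_file_name is confined to a fixed rules directory before anything is written. The rules directory, the `.conf` suffix, the allowed character set and the `save_rule`/`resolve_rule_path` names are assumptions made for the illustration; the advisory only states that a crafted config_file_name reaches a file write.

```python
"""
Added example (not Roxy-WI's code): confining an untrusted
config_file_name to a fixed rules directory before writing.

Assumptions (hypothetical, not from the advisory): rule files live
directly under a rules directory, carry a .conf suffix and use a small
safe character set. The checks illustrate the CWE-73 mitigation, not
the vendor's actual fix.
"""
import os
import re
import tempfile
from pathlib import Path

# Allow-list for the bare file name: letters, digits, dot, dash and
# underscore, non-dot first character, mandatory .conf suffix.
# No path separators are permitted, so "../" and absolute paths fail here.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.conf")


class UnsafeFileName(ValueError):
    """Raised when a supplied name would leave the rules directory."""


def resolve_rule_path(rules_dir: str, config_file_name: str) -> Path:
    """Map an untrusted config_file_name to a path inside rules_dir.

    Two independent checks: an allow-list on the name itself (rejects
    '/', '\\', '..', NUL bytes and leading dots), then a containment
    check on the fully resolved path, which also catches a symlink
    planted inside rules_dir that points elsewhere.
    """
    if not SAFE_NAME.fullmatch(config_file_name):
        raise UnsafeFileName(f"rejected file name: {config_file_name!r}")
    base = Path(rules_dir).resolve()
    candidate = (base / config_file_name).resolve()
    # resolve() follows symlinks, so a link to another directory shows
    # up here as a parent that is not the rules directory.
    if candidate.parent != base:
        raise UnsafeFileName(f"path escapes rules directory: {candidate}")
    return candidate


def save_rule(rules_dir: str, config_file_name: str, content: str) -> Path:
    """Write a WAF rule only after the name has been confined."""
    target = resolve_rule_path(rules_dir, config_file_name)
    # Conservative mode: owner read/write, group read, never executable,
    # so a stray file cannot double as a cron job or script.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o640)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    return target


def is_accepted(rules_dir: str, config_file_name: str) -> bool:
    """True if the name would be accepted; no file is written."""
    try:
        resolve_rule_path(rules_dir, config_file_name)
        return True
    except UnsafeFileName:
        return False


def demo() -> dict:
    """Exercise the guard in throwaway directories and return outcomes."""
    rules_dir = tempfile.mkdtemp(prefix="waf-rules-")
    outside = tempfile.mkdtemp(prefix="outside-")
    # Constructed scenario: a symlink inside the rules directory that
    # points at a file outside it. The allow-list alone would accept the
    # name "planted.conf"; only the resolved-path check rejects it.
    Path(outside, "planted.conf").write_text("")
    os.symlink(os.path.join(outside, "planted.conf"),
               os.path.join(rules_dir, "planted.conf"))
    results = {
        "plain": is_accepted(rules_dir, "sqli-rules.conf"),
        "traversal": is_accepted(rules_dir, "../../etc/cron.d/job.conf"),
        "absolute": is_accepted(rules_dir, "/etc/cron.d/job.conf"),
        "nul": is_accepted(rules_dir, "rules.conf\x00.sh"),
        "wrong_ext": is_accepted(rules_dir, "rules.sh"),
        "symlink": is_accepted(rules_dir, "planted.conf"),
    }
    # Constructed rule content; format is illustrative only.
    written = save_rule(rules_dir, "sqli-rules.conf",
                        'SecRule ARGS "@rx select" "id:1,deny"\n')
    results["written_inside"] = written.parent == Path(rules_dir).resolve()
    results["content"] = written.read_text()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The allow-list runs before any filesystem call, so separators, NUL bytes and wrong suffixes never reach the path logic; the containment check on the resolved path is what stops a symlink planted inside the directory. Keep both, since neither alone covers both cases.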


How to mitigate CVE-2026-45556

Install the security update from the vendor's website.

Sources