CVE Catalog

CVE-2026-45743

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Summary

Termix is a web-based server management platform that prior to version 2.3.2 had 16 file-manager endpoints that did not verify if the requesting user owns the SSH session identified by `sessionId`. An authenticated attacker who knows or guesses another user's active `sessionId` can access files on the victim's connected SSH host.

Risk Assessment

An attacker can manipulate files on the victim's server, leading to serious security breaches, including data theft or malware deployment. This poses a risk to the integrity and confidentiality of data within the organization.

Recommendation

It is recommended to update Termix to version 2.3.2 or later to patch this vulnerability. Additionally, implementing further session verification mechanisms for users is advisable.

Original NVD description (English source)

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by `sessionId`. An authenticated attacker who knows or guesses another user's active `sessionId` can read, write, delete, download, and execute files on the victim's connected SSH host. Version 2.3.2 patches the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS