CVE-2026-45743
HighCVSS 8.1Summary
Termix is a web-based server management platform that prior to version 2.3.2 had 16 file-manager endpoints that did not verify if the requesting user owns the SSH session identified by `sessionId`. An authenticated attacker who knows or guesses another user's active `sessionId` can access files on the victim's connected SSH host.
Risk Assessment
An attacker can manipulate files on the victim's server, leading to serious security breaches, including data theft or malware deployment. This poses a risk to the integrity and confidentiality of data within the organization.
Recommendation
It is recommended to update Termix to version 2.3.2 or later to patch this vulnerability. Additionally, implementing further session verification mechanisms for users is advisable.
Original NVD description (English source)
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by `sessionId`. An authenticated attacker who knows or guesses another user's active `sessionId` can read, write, delete, download, and execute files on the victim's connected SSH host. Version 2.3.2 patches the issue.

