CVE Catalog

CVE-2026-45745

HighCVSS 8.0
Published: Updated: Translated: NVD NIST

Summary

Termix is a web-based server management platform that, starting from version 1.7.0, disables TLS certificate validation. This allows attackers to intercept and modify HTTPS traffic to the configured Termix server.

Risk Assessment

Attackers can capture login credentials and session tokens, leading to credential theft and security breaches for users.

Recommendation

It is recommended to avoid using version 1.7.0 and earlier until a patch is released. Additional security measures, such as using a VPN, should also be considered.

Original NVD description (English source)

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured Termix server. This can lead to credential theft and JWT/session theft during login and normal use. As of time of publication, no known patched versions are available.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS