CVE-2026-45743
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by sessionId. An authenticated attacker who knows or guesses another user's active sessionId can read, write, delete, download, and execute files on the victim's connected SSH host. Version 2.3.2 patches the issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Termix-SSH | Termix | < 2.3.2 | affected |
Weaknesses
- CWE-639: CWE-639: Authorization Bypass Through User-Controlled Key
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
- https://github.com/Termix-SSH/Termix/security/advisories/GHSA-5fqh-77cr-jj5x
- https://github.com/Termix-SSH/Termix/releases/tag/release-2.3.2-tag
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.