Termix-Ssh Termix vulnerabilities
11 known vulnerabilities affecting termix-ssh/termix.
Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 5, MEDIUM 1
Vulnerabilities
CVE-2026-45744 | P2 | CRITICAL | CWE-78 | CVSS 9.9 | fixed in 2.3.2 | 2026-06-05
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command construction, which does not prevent $(...) and backtick c
nvd
CVE-2026-45748 | P2 | CRITICAL | CWE-78 | CVSS 9.8 | fixed in 2.3.2 | 2026-06-05
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields (`endpointIP`, `endpointUsername`, `password`) directly into a shell command without e
nvd
CVE-2026-42454 | P2 | CRITICAL | CWE-78 | CVSS 9.9 | fixed in 2.1.0 | 2026-05-08
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands executed via ssh2.Client.exec() on remote managed servers wi
nvd
CVE-2026-42453 | P2 | HIGH | CWE-77 | CVSS 8.7 | fixed in 2.1.0 | 2026-05-08
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operations which use single-quote escaping. Double quotes allow $(
nvd
CVE-2026-45749 | P3 | HIGH | CWE-308 | CVSS 8.1 | fixed in 2.3.2 | 2026-06-05
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `POST /users/totp/backup-codes` endpoints in Termix prior to version 2.3.2 accept the account password as a sole authentication factor for MFA-critical operations. An attacker who obtains a user's password (p
nvd
CVE-2026-45746 | P3 | CRITICAL | CWE-284 | CVSS 9.0 | fixed in 2.3.2 | 2026-06-05
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend trusts a client-controlled identifier without verif
nvd
CVE-2026-45750 | P3 | CRITICAL | CWE-78 | CVSS 9.0 | fixed in 2.3.2 | 2026-06-05
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into a shell command executed over the active SSH session. Because the user-
nvd
CVE-2026-45743 | P3 | HIGH | CWE-639 | CVSS 8.1 | fixed in 2.3.2 | 2026-06-05
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by `sessionId`. An authenticated attacker who knows or guesses another user's active `sessionId` can read, write,
nvd
CVE-2026-42452 | P3 | HIGH | CWE-304 | CVSS 8.1 | fixed in 2.1.0 | 2026-05-08
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow. However, the auth middleware accepts this token on
nvd
CVE-2026-45745 | P3 | HIGH | CWE-295 | CVSS 8.0 | v >= 1.7.0, <= 2.2.1 | 2026-06-05
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured Termix server. This can lead to credential theft and JW
nvd
CVE-2026-22804 | P4 | MEDIUM | CWE-79 | CVSS 4.7 | v >= 1.7.0, < 1.10.0 | 2026-01-12
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. This allows an attacker who has compromised a managed SS
nvd