HIGH🇵🇱 Wersja polska

CVE-2026-45745

CVSS 8.0v3.1pub. 2026-06-05upd. 2026-06-08

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured Termix server. This can lead to credential theft and JWT/session theft during login and normal use. As of time of publication, no known patched versions are available.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
  • Termix

    APP
    Termix
    ≥ 1.7.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-45750CRITICAL9.0PL ✓ten sam produkt

Command injection w Termix File Manager via parametr path (GET resolvePath)

CVE-2026-45744CRITICAL9.9PL ✓ten sam produkt

Termix: OS command injection w endpointcie resolvePath (RCE)

CVE-2026-45746CRITICAL9.0PL ✓ten sam produkt

Broken Access Control w Termix — nieautoryzowany dostęp do sesji File Manager

CVE-2026-45748CRITICAL9.8PL ✓ten sam produkt

Command injection w Termix – endpoint SSH tunnel bez sanityzacji danych wejściowych

CVE-2025-59951CRITICAL9.2PL ✓ten sam produkt

Termix: nieautoryzowany dostęp do danych SSH przez błędne wykrywanie IP