CRITICAL🇵🇱 Wersja polska

CVE-2026-45748

CVSS 9.8v3.1pub. 2026-06-05upd. 2026-06-08

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields (`endpointIP`, `endpointUsername`, `password`) directly into a shell command without escaping, allowing persistent OS command injection on the source SSH host. Version 2.3.2 patches the issue.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Termix

    APP
    Termix
    2.1.0 – 2.3.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2026-45744CRITICAL9.9PL ✓ten sam produkt

Termix: OS command injection w endpointcie resolvePath (RCE)

CVE-2026-45750CRITICAL9.0PL ✓ten sam produkt

Command injection w Termix File Manager via parametr path (GET resolvePath)

CVE-2026-45746CRITICAL9.0PL ✓ten sam produkt

Broken Access Control w Termix — nieautoryzowany dostęp do sesji File Manager

CVE-2025-59951CRITICAL9.2PL ✓ten sam produkt

Termix: nieautoryzowany dostęp do danych SSH przez błędne wykrywanie IP

CVE-2026-45745HIGH8.0ten sam produkt

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. ...