Vulnerability Details CVE-2026-45743
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by `sessionId`. An authenticated attacker who knows or guesses another user's active `sessionId` can read, write, delete, download, and execute files on the victim's connected SSH host. Version 2.3.2 patches the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.5%
CVSS Severity
CVSS v3 Score 8.1
References
Products affected by CVE-2026-45743
-
cpe:2.3:a:termix:termix:2.1.0
-
cpe:2.3:a:termix:termix:2.2.0
-
cpe:2.3:a:termix:termix:2.2.1
-
cpe:2.3:a:termix:termix:2.3.0
-
cpe:2.3:a:termix:termix:2.3.1