CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-45748

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields (`endpointIP`, `endpointUsername`, `password`) directly into a shell command without escaping, allowing persistent OS command injection on the source SSH host. Version 2.3.2 patches the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.4%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2026-45748

Termix » Termix » Version: 2.1.0

cpe:2.3:a:termix:termix:2.1.0
Termix » Termix » Version: 2.2.0

cpe:2.3:a:termix:termix:2.2.0
Termix » Termix » Version: 2.2.1

cpe:2.3:a:termix:termix:2.2.1
Termix » Termix » Version: 2.3.0

cpe:2.3:a:termix:termix:2.3.0
Termix » Termix » Version: 2.3.1

cpe:2.3:a:termix:termix:2.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-45748

Products

Pricing

Contact Us