Multiple CVEs Discovered in Termix Server Management Platform

Severity: High (Score: 70.5)

Sources: Nvd.Nist, Cvefeed, cve.org

Published: 2026-06-06 · Updated: 2026-06-06

Keywords: termix, tunnel, web-based, cve-2026-45750, detail, cve-2026-45748, vulnerable

Severity indicators: CVE:CVE-2026-45750, CVE:CVE-2026-45748

Summary

Termix, a web-based server management platform, has been found vulnerable to remote code execution (RCE) attacks via two critical CVEs: CVE-2026-45748 and CVE-2026-45750. Both vulnerabilities exist in the platform's SSH functionalities, allowing attackers to inject malicious commands through improperly sanitized user inputs. CVE-2026-45748 affects the `POST /ssh/tunnel/connect` endpoint, while CVE-2026-45750 impacts the `GET /ssh/file_manager/ssh/resolvePath` endpoint. Both vulnerabilities were published on June 5, 2026, and are fixed in version 2.3.2 of Termix. The vulnerabilities could potentially allow unauthorized access to sensitive systems if exploited. Currently, no specific affected products have been listed, but the vulnerabilities pose a significant risk to users of the Termix platform.

Key Points:

  • Termix has critical RCE vulnerabilities identified as CVE-2026-45748 and CVE-2026-45750.
  • Both vulnerabilities stem from improper input handling in SSH-related functionalities.
  • Version 2.3.2 of Termix addresses these vulnerabilities; users are urged to update immediately.

Detailed Analysis

**Impact** Organizations using versions of the Termix server management platform prior to 2.3.2 are affected globally, with no specific sectors or geographies detailed. The vulnerabilities enable remote code execution and command injection, potentially compromising server integrity and confidentiality. This could lead to unauthorized access to sensitive data and disruption of server management operations. No exact numbers of impacted systems or data breaches have been reported.

**Technical Details** Two vulnerabilities are identified: CVE-2026-45748 allows persistent OS command injection via the `POST /ssh/tunnel/connect` endpoint by unsafely interpolating user inputs into shell commands, and CVE-2026-45750 involves command substitution exploitation through the `GET /ssh/file_manager/ssh/resolvePath` endpoint. Both affect Termix versions prior to 2.3.2 and involve injection of shell commands executed over SSH sessions. No specific malware or IOCs are mentioned. These attacks occur during the execution phase of the kill chain.

**Recommended Response** Apply Termix version 2.3.2 or later immediately to remediate both vulnerabilities. Monitor SSH tunnel and file manager activity for unusual command execution patterns. Harden configurations to restrict user input handling in SSH-related endpoints. In the absence of specific IOCs, focus on detecting anomalous shell command executions and unauthorized SSH session activities.
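
The input-handling hardening described above, as an added example (not Termix's code or its 2.3.2 fix): a command sent over an SSH session is a single string that the remote shell parses, so every interpolated value must be either allowlisted or single-quoted. The function names, field names and the `realpath` lookup are assumptions for illustration, and the remote shell is assumed to be POSIX.

```javascript
// Added example: names below are hypothetical, not Termix's code.

// POSIX single-quote escaping. Inside '...' the shell expands nothing, so
// $(...), backticks, ;, | and newlines stay literal. An embedded ' becomes
// '\'' (close the quote, emit an escaped quote, reopen the quote).
function shQuote(value) {
  if (typeof value !== 'string' || value.includes('\0')) {
    throw new TypeError('argument must be a string without NUL bytes');
  }
  return "'" + value.replace(/'/g, "'\\''") + "'";
}

// Allowlist checks for tunnel fields: reject outright, never "clean up".
// Hostnames and IPv4 literals only; a leading "-" is refused so the value
// cannot be read as an ssh option.
const HOST_RE = /^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$/;

function checkHost(h) {
  if (typeof h !== 'string' || !HOST_RE.test(h)) {
    throw new RangeError('invalid host');
  }
  return h;
}

function checkPort(p) {
  const s = String(p);
  if (!/^[0-9]{1,5}$/.test(s) || Number(s) < 1 || Number(s) > 65535) {
    throw new RangeError('invalid port');
  }
  return Number(s);
}

// Hypothetical remote command for a path lookup. "--" ends option parsing
// so a path that starts with "-" is treated as a path, not a flag.
function buildResolveCommand(path) {
  return 'realpath -- ' + shQuote(path);
}

// Hypothetical port-forward spec assembled only from validated fields.
function buildForwardSpec(f) {
  return checkPort(f.sourcePort) + ':' + checkHost(f.endpointHost) + ':' +
    checkPort(f.endpointPort);
}

// Constructed inputs containing shell metacharacters.
const samples = ['/var/log/$(id)', "/tmp/it's`whoami`", '-rf; reboot'];
for (const p of samples) console.log(buildResolveCommand(p));
```

Rejected requests are also a useful detection signal: a host or port field that fails the allowlist is worth logging with the requesting account.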

Source articles (3)

  • CVE-2026-45748 - Termix Vulnerable to Remote Code Execution via SSH Tunnel ... — Cvefeed · 2026-06-05
    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint in Termix prior to version 2.3.2 builds an SSH tun…
  • CVE-2026-45750 Detail — Nvd.Nist · 2026-06-06
    This CVE record is currently being enriched by team members, this process results in the association of reference link tags, CVSS, CWE, and CPE applicability statement data Termix is a web-based serve…
  • CVE-2026-45750 — cve.org · 2026-06-06

Timeline

  • 2026-06-05 — CVE-2026-45748 published: CVE-2026-45748 disclosed, affecting Termix's SSH tunnel command processing, allowing OS command injection.
  • 2026-06-05 — CVE-2026-45750 published: CVE-2026-45750 disclosed, impacting Termix's file manager path resolution, leading to shell command execution.
  • 2026-06-06 — Patch released for Termix: Termix version 2.3.2 released to address both CVEs, users advised to update immediately.

CVEs

  • CVE-2026-45748
  • CVE-2026-45750

Related entities

  • Zero-day Exploit (Attack Type)
  • CWE-78 - OS Command Injection (Cwe)
  • cvefeed.io (Domain)
  • T1059.004 - Unix Shell (Mitre Attack)
  • T1059 - Command and Scripting Interpreter (Mitre Attack)