CVE-2026-54017

Open WebUI vulnerability CVE-2026-54017 affects the terminal-server proxy in backend/open_webui/routers/terminals.py before version 0.9.6. An authenticated non-admin user can craft the request path to perform traversal and SSRF to the terminal server and potentially internal services. Two vectors...

Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal

Summary The terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured terminal server. An authenticated user who has been granted access to a terminal server can craft path values...

CVE-2026-45037

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

Siemens APE1808 Improper Certificate Validation (CVE-2026-0228)

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so. This plugin only works with Tenable.ot. Please visit...

Perle IOLAN STS/SCS 操作系统命令注入漏洞

Perle IOLAN STS/SCS are a series of terminal servers developed by the American company Perle, used for networking and remote management of serial devices. Versions of Perle IOLAN STS/SCS prior to version 6 contained an operating system command injection vulnerability. This vulnerability stemmed...

CVE-2026-0228

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so...

CVE-2026-0228

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so...

CVE-2026-0228

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so...

CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so...

CVE-2026-0228

Technical details about CVE-2026-0228 are not publicly provided in the supplied documents. Monitor for updates from Palo Alto Networks or other sources for affected products, impact, and remediation.

CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so...

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a security vulnerability in Palo Alto Networks PAN-OS, which stems from improper certificate verification. This vulnerability may allow users to connect to terminal server proxies o...

PT-2026-7631

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so...

Palo Alto Networks PAN-OS 10.2.x < 10.2.17 / 11.1.x < 11.1.11 / 11.2.x < 11.2.8 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.17, 11.1.x prior to 11.1.11, or 11.2.x prior to 11.2.8. It is, therefore, affected by a vulnerability. An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server...

CVE-2025-8304

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server...

CVE-2025-8304

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server...

CVE-2025-8304 Information Disclosure in Identity Agent Registry Keys

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server...

CVE-2025-8304 Information Disclosure in Identity Agent Registry Keys

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server...

EUVD-2025-204701

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server...

CVE-2025-8304

CVE-2025-8304 affects Check Point Identity Agent on a Terminal Server. An authenticated local user can access Windows Registry keys containing sensitive information, enabling information disclosure that could allow claiming security policy rules of another user. Public sources (NVD/Red Hat/CVE) d...