9 matches found
CVE-2025-59951
Summary: CVE-2025-59951 concerns Termix’s official Docker image (v1.5.0 and below). A misconfigured Nginx reverse proxy causes the backend to treat the proxy IP as the client IP, making isLocalhost return true and exposing the /ssh/db/host/internal endpoint without login. This endpoint stores SSH...
CVE-2026-45745
Termix Desktop (Electron) versions starting with 1.7.0 have disabled TLS certificate validation, enabling network-level MITM to intercept/modify HTTPS traffic to the Termix server and potentially steal credentials and JWT/session data during login and normal use. No patched versions are publicly ...
CVE-2026-45748
Termix includes a vulnerability in its POST /ssh/tunnel/connect endpoint prior to version 2.3.2. The handler builds an SSH tunnel command by directly interpolating user-controlled fields (endpointIP, endpointUsername, password) into a shell command without escaping, enabling persistent OS command...
CVE-2026-45750
Summary: CVE-2026-45750 affects Termix prior to 2.3.2. The flaw is in the GET /ssh/file_manager/ssh/resolvePath endpoint of the Termix File Manager, where the path parameter is embedded into a shell command executed in the active SSH session. User-controlled input is placed inside double quotes w...
CVE-2026-45746
Termix prior to v2.3.2 exposes a critical Broken Access Control in the File Manager due to improper validation of the sessionId, allowing a client-controlled session identifier to access other users’ File Manager sessions tied to SSH connections. This can lead to unauthorized interaction with rem...
CVE-2026-45744
Termix web-based server management platform is affected by an OS command injection in the GET /ssh/file_manager/ssh/resolvePath endpoint prior to version 2.3.2. The endpoint uses double-quote escaping for shell command construction, which does not prevent $(...) and backtick command substitution....
CVE-2026-45749
Termix (web-based server management platform) prior to v2.3.2 exposes MFA risk via POST /users/totp/disable and POST /users/totp/backup-codes, which accept only the account password as authentication for MFA-critical actions. An attacker with a compromised password can disable TOTP or regenerate ...
CVE-2026-45743
Termix before 2.3.2 has an IDOR flaw in 16 file-manager endpoints where the server fails to verify that the requester owns the SSH session identified by sessionId. An authenticated user who can guess another user’s active sessionId can read, write, delete, download, and execute files on the victi...
CVE-2026-22804
CVE-2026-22804 affects Termix versions 1.7.0–1.9.0, where the File Viewer component in the File Manager (src/ui/desktop/apps/file-manager/components/FileViewer.tsx) fails to sanitize SVG content, allowing a stored XSS that can execute arbitrary JavaScript in the app context. If exploited, this ca...