
CVE-2026-45746 — Termix Vulnerable to Arbitrary Command Execution via Session Hijacking

CVSS 9.0 (Critical) · EPSS 0.32% · P24

Affected Version Matrix (1)

Vendor: Termix-SSH · Product: Termix · Version Range: < 2.3.2 · Status: affected

I. Basic Information for CVE-2026-45746

Vulnerability Information


Vulnerability Title
Termix Vulnerable to Arbitrary Command Execution via Session Hijacking
Source: NVD (National Vulnerability Database)
Vulnerability Description
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend trusts a client-controlled identifier without verifying that it belongs to the authenticated user. This allows an attacker to manipulate the value and access active File Manager sessions belonging to other users. Since these sessions are tied to SSH connections to remote VPS instances, exploitation allows unauthorized interaction with another user's remote filesystem. Because the File Manager exposes functionality such as file reading, writing, uploading, and execution, this vulnerability enables direct command execution on another user's VPS (RCE). Version 2.3.2 patches the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper Access Control
Source: NVD (National Vulnerability Database)
Vulnerability Title
Termix Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Termix is a server management platform by the individual developer Karmaa. Versions of Termix prior to 2.3.2 contain a security vulnerability caused by improper validation of the sessionId parameter in the File Manager functionality: the backend trusts a client-controlled identifier without verifying that it belongs to the authenticated user, which may allow an attacker to manipulate the value and access other users' active File Manager sessions, achieving unauthorized interaction with another user's remote filesystem and leading to direct command execution.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor: Termix-SSH · Product: Termix · Affected Versions: < 2.3.2 · CPE: -

II. Public POCs for CVE-2026-45746


III. Intelligence Information for CVE-2026-45746


Vendor Advisories for CVE-2026-45746 (1)

Same Patch Batch · Termix-SSH · 2026-06-05 · 7 CVEs total

CVE-2026-45744 · 9.9 CRITICAL · Termix has an OS Command Injection in File Manager resolvePath endpoint
CVE-2026-45748 · 9.8 CRITICAL · Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection
CVE-2026-45750 · 9.0 CRITICAL · Termix Vulnerable to Arbitrary Command Execution in File Manager
CVE-2026-45743 · 8.1 HIGH · Termix has a File-Manager Session Hijack via Missing Ownership Check (IDOR)
CVE-2026-45749 · 8.1 HIGH · Termix's TOTP two-factor authentication can be disabled or bypassed using only the account
CVE-2026-45745 · 8.0 HIGH · Termix has improper certificate validation in Electron desktop client that enables MITM cr

IV. Related Vulnerabilities

V. Comments for CVE-2026-45746
