CRITICAL🇵🇱 Wersja polska

CVE-2026-45744

CVSS 9.9v3.1pub. 2026-06-05upd. 2026-06-08

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command construction, which does not prevent $(...) and backtick command substitution. Any authenticated user with an active File Manager SSH session can execute arbitrary commands on the connected remote host. Version 2.3.2 patches the issue.

🤖 AI Analysis
How it works

The resolvePath endpoint constructs system shell commands using escaping based solely on double quotes. However, this mechanism does not block command substitution using the $(...) syntax or backticks. An attacker can place an appropriately crafted expression in the request parameter, which will be executed by the shell on the remote host served by Termix.

Impact

An authenticated attacker can execute arbitrary system commands on a remote host connected via SSH session, thereby gaining full control over that system, including access to sensitive data, ability to modify files, and privilege escalation.

Mitigation & patch

Termix should be updated to version 2.3.2, which contains a patch eliminating the described vulnerability. The patch is available in the vendor's GitHub repository under the release-2.3.2-tag tag.

Who is affected

Termix versions prior to 2.3.2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Termix

    APP
    Termix
    2.1.0 – 2.3.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2026-45750CRITICAL9.0PL ✓ten sam produkt

Command injection w Termix File Manager via parametr path (GET resolvePath)

CVE-2026-45746CRITICAL9.0PL ✓ten sam produkt

Broken Access Control w Termix — nieautoryzowany dostęp do sesji File Manager

CVE-2026-45748CRITICAL9.8PL ✓ten sam produkt

Command injection w Termix – endpoint SSH tunnel bez sanityzacji danych wejściowych

CVE-2025-59951CRITICAL9.2PL ✓ten sam produkt

Termix: nieautoryzowany dostęp do danych SSH przez błędne wykrywanie IP

CVE-2026-45745HIGH8.0ten sam produkt

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. ...