Skip to main content

Termix CVE-2026-42452

HIGH
Missing Critical Step in Authentication (CWE-304)
2026-05-08 GitHub_M
8.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
May 08, 2026 - 22:54 nvd
HIGH 8.1

DescriptionGitHub Advisory

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow. However, the auth middleware accepts this token on regular authenticated endpoints. This effectively turns 2FA into single-factor (password) for impacted accounts. This issue has been patched in version 2.1.0.

Analysis

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow. However, the auth middleware accepts this token on regular authenticated endpoints. This effectively turns 2FA into single-factor (password) for impacted accounts. This issue has been patched in version 2.1.0.

More in Termix

View all
CVE-2025-59951 CRITICAL POC
9.1 Oct 01

Docker default credentials in Termix server management. PoC and patch available.

CVE-2026-22804 HIGH POC
8.0 Jan 12

Stored XSS in Termix File Manager (versions 1.7.0-1.9.0) allows attackers with SSH server access to execute arbitrary Ja

CVE-2026-45744 CRITICAL
9.9 Jun 05

Remote command execution in Termix web-based server management platform (versions prior to 2.3.2) allows any authenticat

CVE-2026-45748 CRITICAL
9.8 Jun 05

OS command injection in Termix web-based server management platform prior to version 2.3.2 allows remote unauthenticated

CVE-2026-45746 CRITICAL
9.0 Jun 05

Cross-tenant remote code execution in Termix (web-based SSH/file management platform) prior to version 2.3.2 allows an a

CVE-2026-45750 CRITICAL
9.0 Jun 05

Command injection in Termix server management platform before version 2.3.2 allows authenticated users to execute arbitr

CVE-2026-42453 HIGH
8.7 May 08

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to v

CVE-2026-45749 HIGH
8.1 Jun 05

Authentication bypass of MFA in Termix versions prior to 2.3.2 allows an attacker who already holds a victim's account p

CVE-2026-45743 HIGH
8.1 Jun 05

Cross-tenant SSH session hijacking in Termix versions prior to 2.3.2 allows any authenticated user to fully control anot

CVE-2026-45745 HIGH
8.0 Jun 05

Machine-in-the-middle interception of HTTPS traffic in Termix Desktop (Electron) starting at version 1.7.0 allows attack

Share

CVE-2026-42452 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy