Skip to main content

Termix CVE-2026-42453

HIGH
Command Injection (CWE-77)
2026-05-08 GitHub_M
8.7
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
CVSS changed
May 08, 2026 - 23:22 NVD
8.7 (HIGH)
CVE Published
May 08, 2026 - 22:55 nvd
HIGH 8.7

DescriptionGitHub Advisory

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operations which use single-quote escaping. Double quotes allow $(command) substitution, enabling command injection on the remote SSH host. This issue has been patched in version 2.1.0.

Analysis

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operations which use single-quote escaping. Double quotes allow $(command) substitution, enabling command injection on the remote SSH host. This issue has been patched in version 2.1.0.

More in Termix

View all
CVE-2025-59951 CRITICAL POC
9.1 Oct 01

Docker default credentials in Termix server management. PoC and patch available.

CVE-2026-22804 HIGH POC
8.0 Jan 12

Stored XSS in Termix File Manager (versions 1.7.0-1.9.0) allows attackers with SSH server access to execute arbitrary Ja

CVE-2026-45744 CRITICAL
9.9 Jun 05

Remote command execution in Termix web-based server management platform (versions prior to 2.3.2) allows any authenticat

CVE-2026-45748 CRITICAL
9.8 Jun 05

OS command injection in Termix web-based server management platform prior to version 2.3.2 allows remote unauthenticated

CVE-2026-45746 CRITICAL
9.0 Jun 05

Cross-tenant remote code execution in Termix (web-based SSH/file management platform) prior to version 2.3.2 allows an a

CVE-2026-45750 CRITICAL
9.0 Jun 05

Command injection in Termix server management platform before version 2.3.2 allows authenticated users to execute arbitr

CVE-2026-45749 HIGH
8.1 Jun 05

Authentication bypass of MFA in Termix versions prior to 2.3.2 allows an attacker who already holds a victim's account p

CVE-2026-45743 HIGH
8.1 Jun 05

Cross-tenant SSH session hijacking in Termix versions prior to 2.3.2 allows any authenticated user to fully control anot

CVE-2026-42452 HIGH
8.1 May 08

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to v

CVE-2026-45745 HIGH
8.0 Jun 05

Machine-in-the-middle interception of HTTPS traffic in Termix Desktop (Electron) starting at version 1.7.0 allows attack

Share

CVE-2026-42453 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy