Termix Desktop: EUVD-2026-34871 | CVE-2026-45745 HIGH
Improper Certificate Validation (CWE-295)
2026-06-05 GitHub_M
8.0
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
8.0 HIGH
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: None

Lifecycle Timeline

1. Analysis Generated: Jun 05, 2026 - 18:41 (vuln.today)

Description (GitHub Advisory)

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured Termix server. This can lead to credential theft and JWT/session theft during login and normal use. As of time of publication, no known patched versions are available.

Analysis (AI)

Machine-in-the-middle interception of HTTPS traffic in Termix Desktop (Electron) starting at version 1.7.0 allows attackers positioned on the network path to steal login credentials and JWT/session tokens because the Electron client disables TLS certificate validation entirely. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the CVSS 8.0 rating with scope-change and the absence of any vendor-released patch make this a meaningful concern for any user running Termix Desktop on untrusted networks.


Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

  • Recon: Position on shared network path
  • Delivery: Spoof Termix server with forged TLS cert
  • Exploit: Victim launches Termix Desktop and logs in
  • Install: Client accepts certificate without validation
  • C2: Capture credentials and JWT from intercepted traffic
  • Execute: Replay JWT against real Termix server
  • Impact: Pivot to managed SSH hosts

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the attacker to hold a network position between the Termix Desktop client and the configured Termix server (rogue/open Wi-Fi, ARP or DNS spoofing on a LAN, compromised upstream router, or a hostile VPN/proxy) - this is the AC:H factor and is the primary limiting condition. …

Risk Assessment: Signals are mixed and should be weighed together rather than reading CVSS 8.0 in isolation. …

Exploit Scenario: An attacker on the same coffee-shop Wi-Fi as a Termix Desktop user runs a tool such as mitmproxy or bettercap with a self-signed certificate impersonating the user's configured Termix server URL; the Electron client accepts the forged certificate without warning. When the victim logs in or performs any subsequent action, the attacker captures credentials and the issued JWT/session token and replays them against the real Termix server to gain full management access to the victim's SSH endpoints. …

Remediation: No vendor-released patch identified at time of analysis, so users should monitor https://github.com/Termix-SSH/Termix/security/advisories/GHSA-r9gw-3w87-mhh7 and upgrade as soon as a fixed release is published. …

Recommended Action (AI)

Within 24 hours: Restrict Termix Desktop 1.7.0+ to trusted networks only; for essential use, require all traffic through a corporate VPN with certificate pinning. …


More in Termix

CVE-2025-59951 CRITICAL POC
9.1 Oct 01

Docker default credentials in Termix server management. PoC and patch available.

CVE-2026-22804 HIGH POC
8.0 Jan 12

Stored XSS in Termix File Manager (versions 1.7.0-1.9.0) allows attackers with SSH server access to execute arbitrary Ja

CVE-2026-45744 CRITICAL
9.9 Jun 05

Remote command execution in Termix web-based server management platform (versions prior to 2.3.2) allows any authenticat

CVE-2026-45748 CRITICAL
9.8 Jun 05

OS command injection in Termix web-based server management platform prior to version 2.3.2 allows remote unauthenticated

CVE-2026-45746 CRITICAL
9.0 Jun 05

Cross-tenant remote code execution in Termix (web-based SSH/file management platform) prior to version 2.3.2 allows an a

CVE-2026-45750 CRITICAL
9.0 Jun 05

Command injection in Termix server management platform before version 2.3.2 allows authenticated users to execute arbitr

CVE-2026-42453 HIGH
8.7 May 08

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to v

CVE-2026-45749 HIGH
8.1 Jun 05

Authentication bypass of MFA in Termix versions prior to 2.3.2 allows an attacker who already holds a victim's account p

CVE-2026-45743 HIGH
8.1 Jun 05

Cross-tenant SSH session hijacking in Termix versions prior to 2.3.2 allows any authenticated user to fully control anot

CVE-2026-42452 HIGH
8.1 May 08

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to v
