Description
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by `sessionId`. An authenticated attacker who knows or guesses another user's active `sessionId` can read, write, delete, download, and execute files on the victim's connected SSH host. Version 2.3.2 patches the issue.
Published: 2026-06-05
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Termix, a web-based server management platform, contains a missing ownership check for its file‑manager endpoints. An authenticated user can supply any session identifier (sessionId) and the system will accept it without verifying that the session belongs to that user. This flaw allows the attacker to read, write, delete, download, and execute files on the host machine connected via SSH, effectively giving the attacker the ability to run arbitrary code on the victim’s system. The underlying weakness is an Insecure Direct Object Reference (CWE‑639).

Affected Systems

The vulnerability affects all instances of Termix up to, but not including, version 2.3.2. Users of Termix provided by Termix‑SSH are at risk if they have not upgraded beyond 2.3.2, as earlier releases expose all 16 file‑manager endpoints without session ownership validation.

Risk and Exploitability

The CVSS score of 8.1 ranks this issue as high severity. An attacker who is authenticated and who learns or guesses another user’s sessionId can exploit the flaw with little or no additional prerequisites. Because the EPSS score is not available, the precise exploitation probability is unclear, but the flaw is not listed in the CISA KEV catalog, indicating that no publicly known exploitation campaigns have been documented yet. In practice, the simplest attack path requires only knowledge of a sessionId, making the exploit likely for attackers who can target a single user or a group of users within the same Termix instance.

Generated by OpenCVE AI on June 5, 2026 at 19:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Termix to version 2.3.2 or later, which implements proper session ownership checks on all file‑manager endpoints.
  • Regenerate session identifiers or force a logout for all users to remove exposed sessionIds before applying the patch.
  • Implement monitoring of file‑system activity to detect any unauthorized read, write, or execute operations that may surface prior to full remediation.

Generated by OpenCVE AI on June 5, 2026 at 19:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by `sessionId`. An authenticated attacker who knows or guesses another user's active `sessionId` can read, write, delete, download, and execute files on the victim's connected SSH host. Version 2.3.2 patches the issue.
Title Termix has a File-Manager Session Hijack via Missing Ownership Check (IDOR)
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-05T17:56:53.201Z

Reserved: 2026-05-13T06:54:34.220Z

Link: CVE-2026-45743

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-05T18:17:28.793

Modified: 2026-06-05T19:00:25.007

Link: CVE-2026-45743

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T19:45:03Z

Weaknesses