Description
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command construction, which does not prevent $(...) and backtick command substitution. Any authenticated user with an active File Manager SSH session can execute arbitrary commands on the connected remote host. Version 2.3.2 patches the issue.
Published: 2026-06-05
Score: 9.9 Critical
EPSS: 2.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Termix’s GET /ssh/file_manager/ssh/resolvePath endpoint allows OS command injection by using double‑quote escaping that does not filter $(...) or backtick substitutions. This flaw lets an authenticated user with an active File Manager SSH session execute arbitrary shell commands on the remote host that Termix connects to. The result is uncontrolled code execution, making the attacker able to read, modify, or delete data, install software, or pivot to other systems.

Affected Systems

The vulnerability affects Termix versions prior to 2.3.2, the web‑based server management platform that provides SSH terminals, tunneling, and file editing. Versions 2.3.2 and later include the patch that eliminates the vulnerable endpoint.

Risk and Exploitability

The CVSS score of 9.9 indicates critical severity. The EPSS score of 2% indicates a measurable exploitation probability, and the issue is not listed in CISA’s KEV catalog. Attackers need only an authenticated account with File Manager access to exploit the flaw, making the vector likely internal but requiring legitimate credentials. Given the high impact and confirmed exploitation path, the overall risk is severe.

Generated by OpenCVE AI on June 18, 2026 at 07:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Termix to version 2.3.2 or later to apply the fix for the OS command injection vulnerability.
  • If upgrading immediately is not possible, remove or disable the File Manager SSH feature for users who do not require it to limit the attack surface.
  • Apply least‑privilege policies on Termix accounts and monitor the use of the File Manager SSH endpoint for suspicious activity.

Generated by OpenCVE AI on June 18, 2026 at 07:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 08 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:termix:termix:*:*:*:*:*:*:*:*

Sun, 07 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Termix
Termix termix
Vendors & Products Termix
Termix termix

Fri, 05 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command construction, which does not prevent $(...) and backtick command substitution. Any authenticated user with an active File Manager SSH session can execute arbitrary commands on the connected remote host. Version 2.3.2 patches the issue.
Title Termix has an OS Command Injection in File Manager resolvePath endpoint
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Termix Termix
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-10T03:58:44.286Z

Reserved: 2026-05-13T06:54:34.220Z

Link: CVE-2026-45744

cve-icon Vulnrichment

Updated: 2026-06-08T19:05:06.916Z

cve-icon NVD

Status : Modified

Published: 2026-06-05T18:17:29.510

Modified: 2026-06-08T20:17:01.090

Link: CVE-2026-45744

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T07:30:05Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')