PatchSiren cyber security CVE debrief
CVE-2026-45743 Termix-SSH CVE debrief
CVE-2026-45743 is a high-severity vulnerability in Termix, a web-based server management platform. The issue affects 16 file-manager endpoints in Termix versions prior to 2.3.2. These endpoints do not properly verify that the requesting user owns the SSH session identified by `sessionId`. This weakness allows an authenticated attacker who knows or guesses another user's active `sessionId` to perform various unauthorized actions on the victim's connected SSH host, including reading, writing, deleting, downloading, and executing files.
- Vendor
- Termix-SSH
- Product
- Termix
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-08
Who should care
Administrators and users of Termix, especially those with SSH terminal, tunneling, and file editing capabilities, should be aware of this vulnerability. Anyone using Termix versions earlier than 2.3.2 is at risk.
Technical summary
The vulnerability has a CVSS score of 8.1 and is classified as HIGH severity. It exists in the file-manager endpoints of Termix. The Common Weakness Enumeration (CWE) associated with this vulnerability is CWE-639.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Termix to version 2.3.2 or later.
- Restrict access to sensitive file-manager endpoints.
- Implement additional authentication checks for SSH sessions.
Evidence notes
Evidence from the NVD and CVE.org confirms the vulnerability details and the affected versions of Termix.
Official resources
-
CVE-2026-45743 CVE record
CVE.org
-
CVE-2026-45743 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Product, Release Notes
-
Mitigation or vendor reference
[email protected] - Exploit, Mitigation, Vendor Advisory
CVE-2026-45743 was published on 2026-06-05T18:17:28.793Z and modified on 2026-06-08T17:16:44.553Z.