PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45744 Termix-SSH CVE debrief

CVE-2026-45744 is a critical OS command injection vulnerability in Termix, a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The vulnerability exists in the GET /ssh/file_manager/ssh/resolvePath endpoint, which uses double-quote escaping for shell command construction. This does not prevent $(...) and backtick command substitution, allowing an authenticated user with an active File Manager SSH session to execute arbitrary commands on the connected remote host. The vulnerability has a CVSS score of 9.9 and is considered CRITICAL. The issue was patched in version 2.3.2.

Vendor: Termix-SSH
Product: Termix
CVSS: CRITICAL 9.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-05
Original CVE updated: 2026-06-08
Advisory published: 2026-06-05
Advisory updated: 2026-06-08

Who should care

Administrators and users of Termix versions prior to 2.3.2 should be aware of this vulnerability and take immediate action to upgrade to the patched version.

Technical summary

The vulnerability exists in the GET /ssh/file_manager/ssh/resolvePath endpoint of Termix. The endpoint relies on double-quote escaping when it constructs a shell command, but a shell still performs $(...) and backtick command substitution inside double quotes, so the escaping does not neutralize them. This allows an authenticated user with an active File Manager SSH session to execute arbitrary commands on the connected remote host.
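The quoting weakness described above can be checked with a round-trip test. This is an added example, not Termix's code or its 2.3.2 fix. It assumes a POSIX sh is available locally, and the function names and sample paths are constructed for illustration.

```python
import shlex
import subprocess

# Constructed sample paths; the substitutions only echo a harmless marker string.
SAMPLE_PATHS = [
    "/var/log/app.log",
    "/tmp/$(echo SUBSTITUTED)",
    "/tmp/`echo SUBSTITUTED`",
    "/tmp/it's \"quoted\"",
]


def quote_double(path):
    """Weak pattern: double-quote the value and escape only embedded double quotes."""
    return '"' + path.replace('"', '\\"') + '"'


def quote_single(path):
    """Hardened pattern: shlex.quote single-quotes the value so a POSIX shell expands nothing."""
    return shlex.quote(path)


def shell_sees(quoted_arg):
    """Return the argument a POSIX sh hands to the program after its own expansions."""
    done = subprocess.run(
        ["sh", "-c", "printf '%s' " + quoted_arg],
        capture_output=True, text=True, check=True,
    )
    return done.stdout


def survives_shell(quote, path):
    """True when the program receives exactly the original bytes of `path`."""
    return shell_sees(quote(path)) == path


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p!r:32} double-quoted ok={survives_shell(quote_double, p)!s:5} "
              f"single-quoted ok={survives_shell(quote_single, p)}")
```

A quoting helper that fails `survives_shell` for any input lets the shell rewrite the value. The same round-trip check works as a regression test for whatever quoting routine a code base uses when it builds remote command strings.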

Defensive priority

High

Recommended defensive actions

  • Upgrade to Termix version 2.3.2 or later.
  • Ensure that only authorized users have access to the File Manager SSH session.
  • Monitor for suspicious activity on the Termix platform.

Evidence notes

The vulnerability was reported by an unknown source and patched in version 2.3.2. The CVE record and NVD detail pages provide additional information about the vulnerability.

Official resources

CVE-2026-45744 was published on 2026-06-05T18:17:29.510Z and modified on 2026-06-08T20:17:01.090Z.