PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45745 Termix-SSH CVE debrief

CVE-2026-45745 is a HIGH severity vulnerability in Termix Desktop (Electron) that disables TLS certificate validation. This vulnerability, which has a CVSS score of 8, was published on 2026-06-05T18:17:30.180Z and last modified on 2026-06-08T15:02:28.243Z. The vulnerability affects Termix versions starting from 1.7.0. An attacker can exploit this vulnerability to intercept and modify HTTPS traffic to the configured Termix server, leading to credential theft and JWT/session theft during login and normal use. As of the time of publication, no known patched versions are available.

Vendor
Termix-SSH
Product
Termix
CVSS
HIGH 8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-05
Original CVE updated
2026-06-08
Advisory published
2026-06-05
Advisory updated
2026-06-08

Who should care

Users of Termix Desktop (Electron) version 1.7.0 and later should be aware of this vulnerability and take necessary precautions to mitigate the risk.

Technical summary

The vulnerability is caused by the disabling of TLS certificate validation in Termix Desktop (Electron) starting from version 1.7.0. This allows a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured Termix server.

Defensive priority

HIGH

Recommended defensive actions

  • Users should verify the authenticity of the Termix server before connecting to it.
  • Users should use additional security measures, such as verifying the server's identity through other means, to mitigate the risk of this vulnerability.
  • Users should monitor for updates from the vendor and apply patches as soon as they become available.

Evidence notes

The vulnerability is analyzed and has a CVSS vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N. The weakness associated with this vulnerability is CWE-295.

Official resources

CVE-2026-45745 was published on 2026-06-05T18:17:30.180Z and last modified on 2026-06-08T15:02:28.243Z.