PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45749 Termix-SSH CVE debrief

CVE-2026-45749 is a high-severity vulnerability in Termix, a web-based server management platform. The vulnerability allows an attacker to bypass two-factor authentication (2FA) by using only a user's password to disable Time-Based One-Time Password (TOTP) or regenerate backup codes. This issue affects Termix versions prior to 2.3.2.

Vendor
Termix-SSH
Product
Termix
CVSS
HIGH 8.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-05
Original CVE updated
2026-06-08
Advisory published
2026-06-05
Advisory updated
2026-06-08

Who should care

Administrators and users of Termix, especially those who rely on 2FA for security, should be aware of this vulnerability. It is crucial for them to update to version 2.3.2 or later to mitigate the risk.

Technical summary

The `POST /users/totp/disable` and `POST /users/totp/backup-codes` endpoints in Termix prior to version 2.3.2 do not properly enforce multi-factor authentication for critical operations. An attacker who obtains a user's password can exploit this weakness to disable TOTP or regenerate backup codes without needing the TOTP device or a valid TOTP code. This effectively bypasses 2FA protection.

Defensive priority

High

Recommended defensive actions

  • Update Termix to version 2.3.2 or later.
  • Review and enforce strong password policies.
  • Educate users about the importance of 2FA and phishing risks.

Evidence notes

CVE-2026-45749 has a CVSS score of 8.1 and is classified as HIGH severity. The vulnerability was published on 2026-06-05 and modified on 2026-06-08.

Official resources

CVE-2026-45749 was published on 2026-06-05 and modified on 2026-06-08. The vulnerability affects Termix versions prior to 2.3.2.