CVE-2026-45743: CWE-639: Authorization Bypass Through User-Controlled Key in Termix-SSH Termix
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by `sessionId`. An authenticated attacker who knows or guesses another user's active `sessionId` can read, write, delete, download, and execute files on the victim's connected SSH host. Version 2.3.2 patches the issue.
AI Analysis
Technical Summary
CVE-2026-45743 is an authorization bypass vulnerability in Termix, a web-based server management platform. The issue arises because 16 file-manager endpoints do not verify ownership of the SSH session identified by `sessionId`. An authenticated attacker who can guess or obtain another user's active `sessionId` can access and manipulate files on the victim's SSH host. The vulnerability affects Termix versions prior to 2.3.2 and is fixed in version 2.3.2.
Potential Impact
Successful exploitation allows an authenticated attacker to bypass authorization controls and gain unauthorized access to another user's SSH session. This enables the attacker to read, write, delete, download, and execute files on the victim's connected SSH host, potentially leading to significant confidentiality and integrity breaches. Availability impact is not indicated.
Mitigation Recommendations
Upgrade Termix to version 2.3.2 or later, where this authorization bypass vulnerability is patched. No vendor advisory or patch link is provided here, so confirm the release through official Termix sources before applying it.
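The ownership check that this class of bug lacks, as an added example that is not Termix code and not taken from the 2.3.2 patch: a hypothetical in-memory session registry with a lookup keyed on `sessionId` alone beside one that also requires the authenticated user to be the session owner. All names (`SessionRegistry`, `getUnchecked`, `getForUser`, `listFiles`) and the sample users are assumptions made for illustration.

```javascript
// Added illustration; not Termix source. All names are hypothetical.
const { randomBytes } = require("node:crypto");
class SessionError extends Error {}

class SessionRegistry {
  constructor() { this.sessions = new Map(); } // sessionId -> { ownerId, conn }

  // Bind the session to the authenticated user at creation time.
  create(ownerId, conn) {
    const sessionId = randomBytes(32).toString("hex"); // unguessable ID
    this.sessions.set(sessionId, { ownerId, conn });
    return sessionId;
  }

  // Flawed pattern (CWE-639): the client-supplied key is the only check.
  getUnchecked(sessionId) {
    const s = this.sessions.get(sessionId);
    if (!s) throw new SessionError("session not found");
    return s.conn;
  }

  // Hardened pattern: caller must be the owner. Unknown and foreign
  // sessions fail identically, so the error confirms nothing about them.
  getForUser(sessionId, userId) {
    const s = this.sessions.get(sessionId);
    if (!s || s.ownerId !== userId) throw new SessionError("session not found");
    return s.conn;
  }
}

// Hypothetical file-manager handler: userId comes from the verified
// login (server side), never from the request body or query string.
function listFiles(registry, authenticatedUserId, sessionId, path) {
  const conn = registry.getForUser(sessionId, authenticatedUserId);
  return conn.readdir(path);
}

// Constructed demo: two users, one stub SSH connection.
function demo() {
  const reg = new SessionRegistry();
  const stub = { readdir: (p) => [`${p}/notes.txt`] };
  const aliceSid = reg.create("alice", stub);
  const owner = listFiles(reg, "alice", aliceSid, "/home/alice");
  let other = "allowed";
  try { listFiles(reg, "mallory", aliceSid, "/home/alice"); }
  catch (e) { other = e.message; }
  return { owner, other, uncheckedWorks: reg.getUnchecked(aliceSid) === stub };
}
```

Routing every endpoint through one owner-checked lookup, rather than repeating the comparison in each handler, keeps a newly added endpoint from silently omitting it.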
CVSS v3.1
Score: 8.1 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-05-13T06:54:34.220Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a23130be29bf47b50a3ecdc
Added to database: 6/5/2026, 6:18:51 PM
Last enriched: 6/5/2026, 6:34:11 PM
Last updated: 6/6/2026, 4:58:24 AM