CVE-2026-45746 is a critical Broken Access Control vulnerability in Termix-SSH's Termix platform before version 2.3.2. The vulnerability arises because the backend does not properly validate the sessionId parameter in the File Manager, trusting a client-controlled value without verifying that it belongs to the authenticated user. This flaw enables an attacker to manipulate sessionId values to access other users' active File Manager sessions, which are linked to SSH connections on remote VPS instances. Exploitation allows unauthorized file system access and remote code execution on another user's VPS. The vulnerability is patched in Termix version 2.3.2.

Successful exploitation allows an attacker with at least limited privileges to bypass access controls and interact with another user's remote VPS filesystem. This includes reading, writing, uploading files, and executing commands remotely, resulting in full compromise of the affected VPS instance. The CVSS score of 9.0 reflects the critical confidentiality, integrity, and availability impacts. There are no known exploits in the wild as of the published date.

Upgrade Termix to version 2.3.2 or later, where this vulnerability is patched. Since this is an on-premises product, administrators must apply the update manually. Patch status is not explicitly stated in the vendor advisory, but the description confirms version 2.3.2 fixes the issue. Until patched, restrict access to the File Manager functionality to trusted users only.