CVE-2026-45750
CriticalCVSS 9.0Summary
Termix is a server management platform that prior to version 2.3.2 had a vulnerability in the File Manager component where the path parameter was unsafely processed. This allowed malicious users to execute shell commands over an active SSH session.
Risk Assessment
Organizations may be exposed to remote code execution, potentially leading to server takeover. Exploitation of this vulnerability could result in serious data security consequences.
Recommendation
It is recommended to upgrade to version 2.3.2 or later to mitigate this vulnerability. Additionally, conducting a security audit to identify potential threats is advisable.
Original NVD description (English source)
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into a shell command executed over the active SSH session. Because the user-controlled value is placed inside double quotes and only double quotes are escaped, shell command substitution syntax such as $(...) is still interpreted by the remote shell. Version 2.3.2 fixes the issue.

