CVE-2026-42452
Authentication Bypass via JWT in Termix before 2.1.0
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| termix | termix | < 2.1.0 (fixed in 2.1.0) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-304 | Missing Critical Step in Authentication: the product implements an authentication technique but skips a step, which weakens the technique. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Termix, a web-based server management platform. Before version 2.1.0, when a user with TOTP (Time-based One-Time Password) enabled submits a correct password, the server issues a temporary JWT (temp_token) whose only legitimate use is the second-factor step: presenting it together with a TOTP code to obtain a real session. The flaw is that the authentication middleware guarding the regular authenticated endpoints validates the signature of this temporary token and treats its bearer as a fully logged-in user, without checking that the token is a session token rather than a pending-2FA token. The second-factor step can therefore simply be skipped.
As a result, accounts that should require two-factor authentication (2FA) can be used with the password alone, turning 2FA into single-factor authentication for every TOTP-enabled user.
How can this vulnerability impact me?
This vulnerability removes the protection that two-factor authentication is supposed to add in Termix. An attacker who obtains a valid password (through phishing, credential stuffing, a leaked database, or reuse from another breach) can log in without ever passing the TOTP check, exactly as if 2FA were not enabled.
Because Termix manages servers, that access extends to the functions the platform exposes, including SSH terminal sessions, tunneling, and file editing on the managed hosts, so a single compromised password can lead to data theft or manipulation of the systems behind Termix.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Termix to version 2.1.0 or later, where the issue has been patched. Until the upgrade is in place, treat every TOTP-enabled account as protected by its password alone: enforce strong, unique passwords and rotate any that may have been exposed. After upgrading, confirm the fix by presenting the temporary token issued after the password step to a normal authenticated endpoint and verifying that it is rejected.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability effectively disables two-factor authentication (2FA) for impacted accounts by allowing a temporary JWT token intended only for the second-factor flow to be accepted on regular authenticated endpoints. This reduction from two-factor to single-factor authentication weakens the security posture of the affected system.
Such a weakening of authentication controls can increase the risk of unauthorized access to sensitive data, which may lead to non-compliance with security requirements mandated by common standards and regulations like GDPR and HIPAA that require strong access controls and protection of personal or health information.