CVE-2026-45743
Session Hijacking in Termix Web-Based Server Management Platform
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| termix | ssh | From 2.3.2 (inc) |
| termix | ssh | to 2.3.2 (exc) |
| termix | ssh | to 2.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-45743 is a high-severity vulnerability in the Termix web-based server management platform, specifically in its file-manager component prior to version 2.3.2.
The issue arises because 16 file-manager endpoints do not verify that the requesting user actually owns the SSH session identified by the sessionId parameter.
An authenticated attacker who knows or can guess another user's active sessionId can hijack that session and perform unauthorized actions such as reading, writing, deleting, downloading, and executing files on the victim's connected SSH host.
This vulnerability is classified as an Insecure Direct Object Reference (IDOR) and is caused by missing ownership checks on session access.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized access and manipulation of files on your SSH hosts.
- An attacker can read sensitive files, potentially exposing confidential information.
- They can write or modify files, which could lead to data corruption or insertion of malicious code.
- Deletion of important files is possible, causing data loss.
- Attackers can download files, leading to data exfiltration.
- Execution of arbitrary commands on the victim's SSH host can compromise system integrity and security.
Overall, the vulnerability compromises confidentiality and integrity of your systems with a high severity score of 8.1.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unauthorized access to SSH sessions by exploiting the sessionId parameter in Termix file-manager endpoints. Detection involves monitoring for suspicious use or guessing of session IDs that do not belong to the authenticated user.
Since the vulnerability allows an attacker to read, write, delete, download, and execute files on another user's SSH session, detection can include checking logs for unusual file operations or command executions originating from unexpected session IDs.
Specific commands to detect exploitation are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade Termix to version 2.3.2 or later, where the vulnerability has been patched by adding session ownership verification checks and improving session ID management.
Until the upgrade can be applied, restrict access to the Termix file-manager endpoints to trusted users only, and monitor for suspicious activity involving session IDs.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-45743 allows an authenticated attacker to access and manipulate another user's SSH session, leading to unauthorized read, write, delete, download, and execution of files on the victim's connected SSH host.
This unauthorized access and manipulation of sensitive data can lead to breaches of confidentiality and integrity, which are critical requirements under common standards and regulations such as GDPR and HIPAA.
Specifically, the exposure and potential alteration of sensitive files could result in non-compliance with data protection and privacy obligations mandated by these regulations.