CVE-2026-45746
Modified Modified - Updated After Analysis
Broken Access Control in Termix File Manager

Publication date: 2026-06-05

Last updated on: 2026-06-09

Assigner: GitHub, Inc.

Description
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend trusts a client-controlled identifier without verifying that it belongs to the authenticated user. This allows an attacker to manipulate the value and access active File Manager sessions belonging to other users. Since these sessions are tied to SSH connections to remote VPS instances, exploitation allows unauthorized interaction with another user's remote filesystem. Because the File Manager exposes functionality such as file reading, writing, uploading, and execution, this vulnerability enables direct command execution on another user's VPS (RCE). Version 2.3.2 patches the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-05
Last Modified
2026-06-09
Generated
2026-06-27
AI Q&A
2026-06-05
EPSS Evaluated
2026-06-25
NVD
CVE-2026-45746
EUVD
EUVD-2026-34874
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
termix termix From 2.1.0 (inc) to 2.3.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows unauthorized access to other users' remote filesystems and enables remote code execution on their VPS instances due to broken access control in the Termix File Manager. This unauthorized access to sensitive data and systems could lead to violations of data protection and privacy regulations such as GDPR and HIPAA, which require strict controls on access to personal and sensitive information.

Specifically, the improper validation of session identifiers and the ability for attackers to hijack sessions may result in unauthorized disclosure, modification, or destruction of protected data, undermining compliance with confidentiality, integrity, and availability requirements mandated by these standards.

Executive Summary

CVE-2026-45746 is a critical vulnerability in the Termix SSH file manager that affects versions up to 2.1.0. The issue arises because the sessionId parameter, which is controlled by the client, is not properly validated or bound to the authenticated user on the backend. This allows an attacker to manipulate the sessionId value to hijack active File Manager sessions belonging to other users.

Since these sessions are connected to SSH connections on remote VPS instances, an attacker can gain unauthorized access to another user's remote filesystem. This includes the ability to read, write, upload, and execute files, effectively enabling remote code execution (RCE) on the victim's VPS.

The vulnerability stems from improper access control and authorization bypass due to trusting a client-controlled identifier without verifying ownership.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to your remote VPS filesystem through hijacked File Manager sessions. An attacker can read, modify, upload, or delete files on your server.

More critically, the attacker can execute arbitrary commands remotely on your VPS, leading to full remote code execution (RCE). This can compromise the confidentiality, integrity, and availability of your server and any data or services it hosts.

Detection Guidance

Detection of this vulnerability involves identifying manipulation or unauthorized use of the sessionId parameter in Termix File Manager sessions. Since the sessionId is client-controlled and predictable, monitoring HTTP requests to the File Manager endpoints for unusual or repeated sessionId values that do not belong to the authenticated user can indicate exploitation attempts.

Commands or tools to detect this might include capturing and analyzing HTTP traffic to the Termix server, for example using tools like tcpdump or Wireshark to filter requests to the File Manager endpoints and inspect sessionId parameters.

Additionally, reviewing server logs for access patterns where sessionId values are used by multiple different user accounts or IP addresses may help identify suspicious activity.

Specific commands could be:

  • tcpdump -i <interface> -A -s 0 'tcp port 80 or tcp port 443' | grep sessionId
  • grep 'sessionId=' /var/log/termix/access.log | sort | uniq -c | sort -nr
  • Use web application scanners or custom scripts to test if sessionId values can be manipulated to access other users' sessions.
Mitigation Strategies

The immediate mitigation step is to upgrade Termix to version 2.3.2 or later, where the vulnerability has been patched.

Until the upgrade can be performed, restrict access to the Termix File Manager functionality to trusted users only and monitor for suspicious sessionId usage.

Additionally, consider implementing network-level controls such as firewall rules to limit access to the Termix server and enforce strong authentication mechanisms.

The root cause is improper validation of the sessionId parameter, so ensuring that session identifiers are bound to authenticated users and are not predictable is critical.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45746. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart