Compliance Impact

The vulnerability allows authenticated users to execute arbitrary commands on remote hosts via the Termix File Manager component, leading to critical impacts on confidentiality, integrity, and availability of data.

Such impacts can result in unauthorized access to sensitive information, data manipulation, and service disruption, which may violate compliance requirements under standards like GDPR and HIPAA that mandate protection of personal and health data.

Therefore, exploitation of this vulnerability could lead to non-compliance with these regulations due to potential data breaches and failure to maintain data security.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-45750 is an arbitrary command execution vulnerability in the Termix File Manager component of the Termix-SSH/Termix application, affecting versions 2.1.0 and earlier.

The issue occurs in the GET /ssh/file_manager/ssh/resolvePath endpoint, where the user-controlled 'path' parameter is improperly sanitized before being embedded into a shell command executed over an active SSH session.

Although double quotes are escaped, shell command substitution syntax such as $(...) is not neutralized, allowing attackers to inject and execute arbitrary commands on the remote host.

Additionally, a broken access control flaw allows attackers to redirect command execution to other users' sessions by manipulating the sessionId parameter, enabling attacks against third-party remote infrastructure within the same Termix instance.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have critical impacts on the confidentiality, integrity, and availability of your systems.

• An attacker with authenticated File Manager access can execute arbitrary commands on the remote host, potentially leading to unauthorized data access or modification.
• The broken access control issue can allow attackers to execute commands on other users' sessions, compromising third-party remote infrastructure.
• Overall, exploitation could lead to system compromise, data breaches, service disruption, and unauthorized control over affected systems.

Useful 0 Not Useful 0

Detection Guidance

Detection of this vulnerability involves identifying if your Termix installation is running a vulnerable version (2.1.0 or earlier) and if the GET /ssh/file_manager/ssh/resolvePath endpoint is accessible.

You can check the Termix version by running commands on the server hosting Termix, such as:

• Check the installed Termix version: termix --version or check the package version via your package manager.

To detect exploitation attempts or vulnerability presence on the network, monitor HTTP requests to the vulnerable endpoint for suspicious path parameters containing shell command substitution syntax like $(...). For example, use network monitoring tools or web server logs to search for requests matching:

• GET /ssh/file_manager/ssh/resolvePath?path=$(...)

Additionally, you can use intrusion detection system (IDS) rules or custom scripts to flag requests with suspicious characters such as $(), backticks, or other shell metacharacters in the path parameter.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade Termix to version 2.3.2 or later, where the vulnerability has been fixed.

If upgrading immediately is not possible, consider the following temporary measures:

• Restrict access to the Termix File Manager component, especially the /ssh/file_manager/ssh/resolvePath endpoint, to trusted users only.
• Implement network-level controls such as firewall rules or web application firewall (WAF) rules to block requests containing suspicious shell command syntax in the path parameter.
• Monitor logs for unusual activity targeting the vulnerable endpoint and respond promptly to any detected exploitation attempts.

Useful 0 Not Useful 0