CVE-2026-42454
CRITICALTermix: OS Command Injection in Docker Container Management Endpoints
Title source: cnaDescription
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands executed via ssh2.Client.exec() on remote managed servers without any sanitization or validation. An authenticated attacker can inject arbitrary OS commands by crafting a malicious container ID, achieving Remote Code Execution on any managed server. This issue has been patched in version 2.1.0.
References (2)
Core 2
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/Termix-SSH/Termix/security/advisories/GHSA-c2g2-hqgq-6w9v
X_Refsource_Misc x_refsource_misc
https://github.com/Termix-SSH/Termix/releases/tag/release-2.1.0-tag
Scores
CVSS v3
9.9
EPSS
0.0065
EPSS Percentile
46.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
Termix-SSH/Termix
< 2.1.0
Published
May 08, 2026
Tracked Since
May 09, 2026