CVE-2026-45744
CRITICAL
Termix <2.3.2 File Manager resolvePath - OS Command Injection
Title source: manual
Description
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command construction, which does not prevent $(...) and backtick command substitution. Any authenticated user with an active File Manager SSH session can execute arbitrary commands on the connected remote host. Version 2.3.2 patches the issue.
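The quoting failure described above, as an added example that is not Termix's code: a local `sh -c` stands in for the shell on the remote host, and `dq_escape`, `run_echo`, `failing_inputs` and the sample paths are hypothetical names and constructed inputs. It compares escaping only double quotes against single-quote quoting (`shlex.quote`) by checking whether the shell hands back the path unchanged.

```python
import shlex
import subprocess

def dq_escape(path: str) -> str:
    """Weak pattern: backslash-escape embedded double quotes, wrap in double quotes.
    Inside double quotes the shell still expands $(...), `...` and $VAR."""
    return '"' + path.replace('"', '\\"') + '"'

def run_echo(quoted_arg: str) -> str:
    """Build `printf '%s' <arg>` as a string, run it through sh -c (stand-in for
    the remote shell) and return the argument the shell actually produced."""
    cmd = "printf '%s' " + quoted_arg
    done = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True, check=True)
    return done.stdout

# Constructed sample paths; the substitutions only run a harmless `echo`.
SAMPLES = [
    "/var/log/app",
    "/tmp/$(echo SUBST)",
    "/tmp/`echo SUBST`",
    "/tmp/$HOME",
    "/tmp/it's \"quoted\"",
]

def failing_inputs(quote) -> list:
    """Return the sample paths that the shell did NOT treat as literal text."""
    return [p for p in SAMPLES if run_echo(quote(p)) != p]

if __name__ == "__main__":
    for name, quote in (("dq_escape", dq_escape), ("shlex.quote", shlex.quote)):
        bad = failing_inputs(quote)
        print(f"{name}: {len(bad)} of {len(SAMPLES)} samples were reinterpreted")
        for p in bad:
            print(f"  input {p!r} -> shell saw {run_echo(quote(p))!r}")
```

A round-trip check like `failing_inputs` can serve as a regression test for any helper that builds shell command strings from request parameters.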
References (2)
Core References
x_refsource_confirm
https://github.com/Termix-SSH/Termix/security/advisories/GHSA-37f4-wq95-pg33
x_refsource_misc
https://github.com/Termix-SSH/Termix/releases/tag/release-2.3.2-tag
Scores
CVSS v3
9.9
EPSS
0.0161
EPSS Percentile
72.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (2)
termix/termix
2.1.0 - 2.3.2
Termix-SSH/Termix
< 2.3.2
Published
Jun 05, 2026
Tracked Since
Jun 06, 2026