CVE-2026-45745 HIGH

CVE-2026-45745: Termix has improper certificate validation in Electron desktop client that enables MITM credential/token theft

Vendor Termix-Ssh
Product Termix
Weakness CWE-295
Published June 5, 2026
Last update June 10, 2026

CVSS base score

8.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured Termix server. This can lead to credential theft and JWT/session theft during login and normal use. As of time of publication, no known patched versions are available.

Key dates

02Disclosure timeline

June 5, 2026 CVE published
June 10, 2026 Record updated