CVE-2026-45748 CRITICAL

CVE-2026-45748: Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection

Vendor Termix-Ssh
Product Termix
Weakness CWE-78
Published June 5, 2026
Last update June 10, 2026
View on NVD All CVEs

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields (`endpointIP`, `endpointUsername`, `password`) directly into a shell command without escaping, allowing persistent OS command injection on the source SSH host. Version 2.3.2 patches the issue.

Key dates

02Disclosure timeline

June 5, 2026 CVE published
June 10, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-21410 Non-sanitized user input could lead to arbitrary code execution in AXIS License Plate Verifier CVE-2024-0295 Totolink LR1200GB cstecgi.cgi setWanCfg os command injection CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection CVE-2024-6187 Ruijie RG-UAC sub_commit.php os command injection CVE-2025-3499 Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector