CVE-2026-45745

Published: Giu 05, 2026 Last Modified: Giu 05, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,0
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: changed
Confidentiality: high
Integrity: high
Availability: none

Description

AI Translation Available

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured Termix server. This can lead to credential theft and JWT/session theft during login and normal use. As of time of publication, no known patched versions are available.

295

Improper Certificate Validation

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Authentication
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity
Applicable Platforms
Technologies: Not Technology-Specific, Web Based, Mobile
View CWE Details
https://github.com/Termix-SSH/Termix/security/advisories/GH…
https://github.com/Termix-SSH/Termix/security/advisories/GHSA-r9gw-3w87-mhh7