CVE-2026-45749

Published: Giu 05, 2026 Last Modified: Giu 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: none

Description

AI Translation Available

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `POST /users/totp/backup-codes` endpoints in Termix prior to version 2.3.2 accept the account password as a sole authentication factor for MFA-critical operations. An attacker who obtains a user's password (phishing, credential stuffing, the passwordHash leak in GHSA-xxxx) can disable TOTP entirely or regenerate backup codes, without ever possessing the TOTP device or knowing a valid TOTP code. This renders two-factor authentication ineffective. Version 2.3.2 patches the issue.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0006

Percentile

0,2th

Updated

EPSS Score Trend (Last 7 Days)

308

Use of Single-factor Authentication

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

Application

Termix by Termix

Product Information

Vendor Termix

Product Termix

Version Range Affected

From 2.1.0 (inclusive)

To 2.3.2 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:termix:termix:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://github.com/Termix-SSH/Termix/security/advisories/GH…

https://github.com/Termix-SSH/Termix/security/advisories/GHSA-wqfw-rqj7-fv9m

https://github.com/Termix-SSH/Termix/releases/tag/release-2…

https://github.com/Termix-SSH/Termix/releases/tag/release-2.3.2-tag

https://github.com/Termix-SSH/Termix/security/advisories/GH…

https://github.com/Termix-SSH/Termix/security/advisories/GHSA-wqfw-rqj7-fv9m

CVE-2026-45749

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 7 Days)

Use of Single-factor Authentication

Common Consequences

Applicable Platforms

Termix by Termix

Product Information

Iscriviti alla newsletter