Mallory
Critical · Public exploit

OS Command Injection in Termix resolvePath Endpoint

Identifiers: CVE-2026-45744, CWE-78 · Improper Neutralization of Special…

CVE-2026-45744 is an OS command injection vulnerability in Termix, a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The flaw affects versions prior to 2.3.2 and is present in the GET /ssh/file_manager/ssh/resolvePath endpoint. According to the provided advisory, the endpoint constructs shell commands using double-quote escaping, but that escaping is insufficient because it does not prevent shell command substitution via $(...) or backticks. As a result, an authenticated user who has an active File Manager SSH session can inject shell metacharacters into input processed by resolvePath and cause arbitrary commands to be executed on the connected remote host.

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows arbitrary command execution on the remote host associated with the victim Termix SSH/File Manager session. Given the stated CVSS vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), impact includes full compromise of confidentiality, integrity, and availability on that connected host within the scope of the established SSH session, potentially enabling data access, file modification, destructive actions, and further pivoting depending on the privileges of the remote account in use.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, restrict access to Termix to only trusted administrators, disable or limit File Manager SSH functionality where feasible, and prevent untrusted users from establishing or using SSH-backed file management sessions. Apply network access controls to the Termix interface, monitor requests to /ssh/file_manager/ssh/resolvePath for suspicious command-substitution patterns such as $(...) and backticks, and review logs and remote shell histories for anomalous commands. These are temporary risk-reduction measures and do not replace upgrading to 2.3.2 or later.
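
The monitoring step above, as an added example (not code from Termix or the advisory): a Node.js scanner that flags resolvePath requests whose decoded query values contain $( or a backtick. The access-log format, the sessionId and path parameter names, and the sample lines are assumptions constructed for illustration.

```javascript
// Added example, not Termix code. Log format and parameter names are assumptions.
const ENDPOINT = "/ssh/file_manager/ssh/resolvePath"; // endpoint named in the advisory
const SUBSTITUTION = /\$\(|`/; // "$(" or a backtick

// Percent-decode repeatedly so double-encoded input (%2524%2528) is still seen.
// Decoding is per escape, so one malformed escape cannot hide the rest.
function fullyDecode(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    const next = current.replace(/%[0-9a-fA-F]{2}/g, (m) =>
      String.fromCharCode(parseInt(m.slice(1), 16)));
    if (next === current) break;
    current = next;
  }
  return current;
}

// Return one finding per query parameter that carries substitution syntax.
// Every parameter is checked because the advisory does not name the affected one.
function scanAccessLog(lines) {
  const findings = [];
  lines.forEach((line, idx) => {
    const m = /"GET (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!m) return;
    const q = m[1].indexOf("?");
    if (q === -1 || !fullyDecode(m[1].slice(0, q)).endsWith(ENDPOINT)) return;
    for (const pair of m[1].slice(q + 1).split("&")) {
      const eq = pair.indexOf("=");
      if (eq === -1) continue;
      const value = fullyDecode(pair.slice(eq + 1));
      if (SUBSTITUTION.test(value)) {
        findings.push({ line: idx + 1, param: pair.slice(0, eq), value });
      }
    }
  });
  return findings;
}

// Constructed sample lines in reverse-proxy combined log format.
const SAMPLE_LOG = [
  '203.0.113.5 - - [01/Jan/2026:10:00:00 +0000] "GET /ssh/file_manager/ssh/resolvePath?sessionId=s1&path=%2Fvar%2Flog HTTP/1.1" 200 120',
  '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "GET /ssh/file_manager/ssh/resolvePath?sessionId=s2&path=%2Ftmp%2F%24%28id%29 HTTP/1.1" 200 98',
  '203.0.113.9 - - [01/Jan/2026:10:00:09 +0000] "GET /ssh/file_manager/ssh/resolvePath?sessionId=s2&path=%2Ftmp%2F%2560id%2560 HTTP/1.1" 200 98',
  '203.0.113.7 - - [01/Jan/2026:10:00:12 +0000] "GET /api/health?note=%24%28id%29 HTTP/1.1" 200 15',
];

console.log(scanAccessLog(SAMPLE_LOG)); // findings for sample lines 2 and 3
```

A finding is a lead for review, not proof of exploitation: correlate it with the authenticated user and the remote host's shell history.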

Remediation

Patch, then assume compromise.

Upgrade Termix to version 2.3.2 or later, as version 2.3.2 is identified as the patch release for this issue. Review the vendor's release and associated security advisory to ensure the fixed code is deployed everywhere Termix is installed. After patching, rotate or review any credentials and inspect remote hosts reachable through Termix for signs of command execution abuse if exploitation is suspected.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

No public exploit code observed for this vulnerability.
