Mallory
Severity: Critical

Broken Access Control in Termix File Manager sessionId Handling

Identifiers: CVE-2026-45746, CWE-639 (Authorization Bypass Through…)

CVE-2026-45746 is a critical broken access control vulnerability in the File Manager component of Termix, a web-based server management platform that provides SSH terminal, tunneling, and file editing capabilities. In versions prior to 2.3.2, the backend improperly trusts the client-supplied sessionId parameter and does not verify that the referenced File Manager session belongs to the currently authenticated user. By modifying this identifier, an attacker can access active File Manager sessions associated with other users. Because those sessions are bound to SSH connections to remote VPS instances, the flaw permits unauthorized interaction with another user's remote filesystem. The exposed File Manager capabilities include reading, writing, uploading, and executing files, which can be leveraged to achieve remote code execution on the victim user's VPS.


Analyst brief: impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an authenticated attacker to hijack another user's active File Manager session and operate on the remote system reachable through that session's SSH connection. This can result in unauthorized access to sensitive files, arbitrary modification or deletion of data, file upload, and execution of attacker-controlled content. In practice, the vulnerability can lead to full compromise of the victim-managed VPS, including remote code execution in the context available through the associated SSH session.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict access to Termix to trusted administrators only, minimize exposure of the web interface, and monitor for anomalous access to File Manager sessions or unexpected cross-user activity. Terminate stale or unnecessary File Manager/SSH sessions to reduce the attack surface. Additional temporary hardening includes placing the application behind strong authentication controls and network access restrictions until the fixed version can be deployed.

Remediation

Patch, then assume compromise.

Upgrade Termix to version 2.3.2 or later, which patches the improper authorization logic around File Manager session handling. The backend should enforce server-side authorization checks to ensure any sessionId or equivalent object reference is bound to and accessible only by the authenticated user who owns the session. Review and invalidate existing active File Manager sessions as appropriate after patching.
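The following is an added example, not Termix's own code, that shows the authorization defect described above in its smallest form and the server-side ownership check the remediation calls for. Names such as `sessions`, `lookupSessionHardened`, `listFiles`, the user ids and hosts are constructed for illustration; a real backend would wrap a live SSH connection in each session entry. The `crossUserProbes` helper at the end covers the mitigation paragraph's advice to monitor for cross-user File Manager activity: it runs over the audit events the hardened check emits and flags users who are repeatedly denied sessions owned by someone else.

```javascript
// Added example (not Termix code): CWE-639 lookup by client-supplied sessionId,
// the ownership-bound replacement, and a detection pass over denied attempts.
// Constructed in-memory registry of active File Manager sessions.
const sessions = new Map([
  ["fm-1001", { owner: "alice", host: "alice-vps.example" }],
  ["fm-1002", { owner: "bob", host: "bob-vps.example" }],
]);

// Audit trail appended by the hardened lookup (constructed for this example).
const auditLog = [];

// VULNERABLE pattern: the session is resolved purely from the client-supplied id;
// the identity of the authenticated caller is never consulted.
function lookupSessionVulnerable(sessionId) {
  return sessions.get(sessionId) ?? null;
}

// HARDENED pattern: the session must exist AND be owned by the authenticated user.
// A missing session and a session owned by someone else yield the same result,
// so the endpoint does not double as an oracle for valid session ids.
function lookupSessionHardened(sessionId, authenticatedUser) {
  const session = sessions.get(sessionId);
  if (!session || session.owner !== authenticatedUser) {
    auditLog.push({
      event: "fm_session_denied",
      user: authenticatedUser,
      sessionId,
      owner: session ? session.owner : null, // null when the id does not exist
    });
    return null;
  }
  return session;
}

// Simulated "list directory" request handler parameterised by the lookup strategy.
// Returns an HTTP-like result object instead of writing to a socket.
function listFiles(lookup, { user, sessionId, path }) {
  const session = lookup(sessionId, user);
  if (!session) return { status: 403, body: "forbidden" };
  return { status: 200, body: `${session.host}:${path}` };
}

// Detection helper: users denied at least `threshold` times for sessions that
// exist but belong to another user. Denials for non-existent ids are ignored,
// since they are more often typos or expired sessions than cross-user probing.
function crossUserProbes(events, threshold = 2) {
  const perUser = new Map();
  for (const e of events) {
    if (e.event !== "fm_session_denied" || e.owner === null) continue;
    perUser.set(e.user, (perUser.get(e.user) ?? 0) + 1);
  }
  return [...perUser].filter(([, n]) => n >= threshold).map(([u]) => u);
}
```

With the vulnerable lookup, a request by `eve` carrying `sessionId: "fm-1001"` returns alice's filesystem listing; with the hardened lookup it returns 403 and leaves an audit event, and two such denials against different owners are enough for `crossUserProbes` to surface `eve`.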

Public exploits

No public exploits tracked yet. Mallory keeps watching.


No public exploit code observed for this vulnerability.

Activity feed: recent activity

7 sources tracked across advisories and community write-ups. News coverage will land here when it surfaces.

No news coverage yet. Advisories and community discussion only.
