CVE-2026-22804

Name of the Vulnerable Software and Affected Versions Termix versions 1.7.0 through 1.9.0

Description Termix is a web-based server management platform offering SSH terminal, tunneling, and file editing features. A Stored Cross-Site Scripting (XSS) issue exists in the Termix File Manager component due to insufficient sanitization of SVG file content before rendering. An attacker who has gained access to a managed SSH server can place a malicious file that, when previewed by a Termix user, will execute arbitrary JavaScript within the application's context. The vulnerable component is located in src/ui/desktop/apps/file-manager/components/FileViewer.tsx.

Recommendations Update to version 1.10.0 or later.