PT-2026-39220 · Termix · Termix

Luke Gus · Published 2026-05-08 · Updated 2026-05-21 · CVE-2026-42454

CVSS v3.1: 9.9 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Termix versions prior to 2.1.0

Description: Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. All Docker container management endpoints interpolate the containerId URL path parameter and WebSocket message field directly into shell commands executed via the exec() function of ssh2.Client on remote managed servers without sanitization or validation. An authenticated attacker can inject arbitrary OS commands by crafting a malicious container ID, leading to Remote Code Execution on any managed server.

Recommendations: Update to version 2.1.0.
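
The interpolation pattern from the description next to a validated and quoted form, as an added example that is not Termix code and not the 2.1.0 fix. All function names, the action allowlist and the 128-character length bound are assumptions made for illustration; the resulting string is what would be handed to exec() of ssh2.Client.

```javascript
// Added illustration, not Termix source. All names here are hypothetical.

// Docker container references are hex IDs or names. Names follow Docker's
// rule [a-zA-Z0-9][a-zA-Z0-9_.-]+, which also covers hex IDs.
// The 128-character upper bound is an assumption of this example.
const CONTAINER_REF = /^[a-zA-Z0-9][a-zA-Z0-9_.-]{1,127}$/;

// Assumed set of operations the endpoints expose.
const ALLOWED_ACTIONS = new Set(["start", "stop", "restart", "inspect", "logs"]);

// Apply to BOTH inputs named in the advisory: the URL path parameter and the
// WebSocket message field. The typeof check matters for the WebSocket path,
// where parsed JSON can deliver arrays or objects instead of strings.
function validateContainerRef(value) {
  if (typeof value !== "string" || !CONTAINER_REF.test(value)) {
    throw new Error("invalid container reference");
  }
  return value;
}

// POSIX single-quote escaping, kept as defence in depth after validation.
function shQuote(arg) {
  return "'" + String(arg).replace(/'/g, "'\\''") + "'";
}

// Pattern described in the advisory: the caller-supplied value becomes part
// of the shell command line unchanged.
function buildCommandUnsafe(action, containerId) {
  return `docker ${action} ${containerId}`;
}

// Hardened form: allowlisted action, validated reference, quoted argument.
function buildCommandSafe(action, containerId) {
  if (!ALLOWED_ACTIONS.has(action)) {
    throw new Error("invalid action");
  }
  return `docker ${action} ${shQuote(validateContainerRef(containerId))}`;
}

// Constructed sample inputs.
const samples = ["3f2a9c1b7d4e", "web_frontend.1", "web; echo injected", ["web"]];
for (const s of samples) {
  try {
    console.log("accepted:", buildCommandSafe("stop", s));
  } catch (e) {
    console.log("rejected:", JSON.stringify(s));
  }
}
```

Rejecting at the HTTP and WebSocket handlers, before any SSH session is touched, also gives a single place to log refused container references for detection.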

Fix · RCE · OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2026-42454

Affected Products: Termix