CVE-2026-42452

EUVD-2026-28862

08.05.2026, 23:16

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow. However, the auth middleware accepts this token on regular authenticated endpoints. This effectively turns 2FA into single-factor (password) for impacted accounts. This issue has been patched in version 2.1.0.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.1 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Common Weakness Enumeration

CWE-304 - Missing Critical Step in Authentication
The software implements an authentication technique, but it skips a step that weakens the technique.

References

https://github.com/Termix-SSH/Termix/releases/tag/release-2.1.0-tag

https://github.com/Termix-SSH/Termix/security/advisories/GHSA-vx59-rf9w-9jv8