What is CVE-2026-42454?

CVE-2026-42454 is a critical-severity vulnerability in Termix-ssh Termix, classified under OS Command Injection. CVSS score: 9.9/10. Published 2026-05-08.

How severe is CVE-2026-42454?

Critical severity. CVSS v3 base score is 9.9 out of 10.

RCE in Termix-ssh Termix

CVE-2026-42454

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and We…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (24.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Termix-ssh Termix — versions < 2.1.0

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-42454?: CVE-2026-42454 is a critical-severity vulnerability in Termix-ssh Termix, classified under OS Command Injection. CVSS score: 9.9/10. Published 2026-05-08.
How severe is CVE-2026-42454?: Critical severity. CVSS v3 base score is 9.9 out of 10.