CVE ID: CVE-2026-42452
Published: May 8, 2026, 11:16 p.m.
Description: Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow. However, the auth middleware accepts this token on regular authenticated endpoints. This effectively turns 2FA into single-factor (password) for impacted accounts. This issue has been patched in version 2.1.0.
Severity: 8.1 | HIGH
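The flaw class described above, reduced to a minimal token check beside a hardened form. This is an added example, not Termix source code: the function names, the `userId` claim and the signing secret are assumptions, and only the `pendingTOTP` state comes from the advisory.

```javascript
// Added example; hypothetical names, not Termix source code.
const { createHmac, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value for the demo
const b64 = (v) => Buffer.from(v).toString('base64url');
const mac = (data) => createHmac('sha256', SECRET).update(data).digest();

// Minimal HS256 JWT helpers so the example runs without third-party packages.
function sign(claims) {
  const body = `${b64(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64(JSON.stringify(claims))}`;
  return `${body}.${mac(body).toString('base64url')}`;
}

function verify(token) {
  const [h, p, s] = String(token).split('.');
  if (!h || !p || !s) return null;
  const given = Buffer.from(s, 'base64url');
  const want = mac(`${h}.${p}`);
  if (given.length !== want.length || !timingSafeEqual(given, want)) return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) return null;
  return claims;
}

// Flawed pattern from the advisory: signature and expiry are checked, token state is not.
function authFlawed(token) {
  const claims = verify(token);
  return claims ? { status: 200, userId: claims.userId } : { status: 401 };
}

// Hardened: a pendingTOTP token is honoured only by the second-factor route,
// and a full session token is honoured only by regular routes.
function authHardened(token, { totpRoute = false } = {}) {
  const claims = verify(token);
  if (!claims) return { status: 401 };
  const pending = claims.pendingTOTP === true;
  if (pending !== totpRoute) return { status: 401 };
  return { status: 200, userId: claims.userId };
}

// Constructed sample tokens: one issued after the password step, one after TOTP.
const exp = Math.floor(Date.now() / 1000) + 300;
const tempToken = sign({ userId: 'u1', pendingTOTP: true, exp });
const sessionToken = sign({ userId: 'u1', exp });

console.log('flawed, temp token on regular route:', authFlawed(tempToken).status);
console.log('hardened, temp token on regular route:', authHardened(tempToken).status);
```

The same state check makes a useful regression test after upgrading to 2.1.0: a token issued before the TOTP step should be rejected by every endpoint except the second-factor one.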
🤖 AI-Generated Patch Solution
Google Gemini (gemini-2.5-flash) • CVE: CVE-2026-42452
⚠️ Vulnerability Description:
1. IMMEDIATE ACTIONS
Isolate or segment any systems and applications utilizing the Universal Data Exchange Protocol (UDEP) library, especially those exposed to untrusted networks or external users. Restrict network access to these services to only essential, trusted sources.
Immediately review system logs, application logs, and security appliance logs (e.g., WAF, IDS/IPS) for any signs
💡 AI-generated — review with a security professional before acting.