Termix — Vulnerabilities & Security Advisories 5

All 5 CVE vulnerabilities found in Termix, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-42454	Termix: OS Command Injection in Docker Container Management Endpoints CWE-78	9.9	Critical	2026-05-08
CVE-2026-42453	Termix: Command injection in extractArchive/compressFiles via double-quote escaping bypass CWE-77	9.8^AI	Critical^AI	2026-05-08
CVE-2026-42452	Termix: Pending-TOTP temporary token can regenerate backup codes and neutralize TOTP CWE-304	8.1	High	2026-05-08
CVE-2026-22804	Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser CWE-269	8.0	High	2026-01-12
CVE-2025-59951	Termix' official Docker image contains an authentication bypass vulnerability CWE-348	9.1^AI	Critical^AI	2025-10-01

All 5 known CVE vulnerabilities affecting Termix with full Chinese analysis, references, and POCs where available.