Platform: javascript
Component: termix
Fixed in: 1.7.1
CVE-2026-22804 describes a stored cross-site scripting (XSS) vulnerability in the File Manager component of Termix, a web-based server management platform. When a user previews an SVG file in the File Manager, the file's markup is rendered in the application's own origin, so JavaScript embedded in a crafted SVG runs with the privileges of the logged-in Termix user. The summary reports affected versions as 1.7.0 through 1.9.0, with the fix shipping in 1.10.0. Note that the metadata above lists 1.7.1 as the fixed version, which conflicts with the 1.10.0 figure; confirm the patched version against the upstream advisory before relying on either number.
The attack path needs two things: write access to a host that the Termix instance manages (for example, a previously compromised SSH server), and a Termix user who previews the planted SVG file. Once the script executes, the attacker holds the victim's session: session cookies or tokens can be exfiltrated, actions can be performed with the victim's Termix privileges, and, because Termix brokers SSH access, the attacker can reach every other server the instance manages, turning one compromised host into a foothold for lateral movement. The impact scales with what the instance administers; an installation that manages critical infrastructure or sensitive data gives the attacker correspondingly valuable targets.
CVE-2026-22804 was publicly disclosed on 2026-01-12. No public proof-of-concept (PoC) code had been released at the time of writing, but stored XSS through SVG previews is a well-understood bug class, so a PoC is likely to appear. The vulnerability is not listed in CISA KEV and there are no reports of active exploitation. A server management console is nonetheless a high-value target, since a single session exposes many downstream hosts.
Exploit Status
EPSS: 0.05% (16th percentile)
CISA SSVC: not provided
CVSS Vector: not provided
The primary mitigation for CVE-2026-22804 is to upgrade Termix to version 1.10.0 or later, which contains the fix. If upgrading is not immediately feasible, disable SVG previews in the Termix File Manager as a temporary workaround. Validating uploads made through Termix helps only for files that enter via the application itself; it does nothing for the attack path described above, where the attacker writes the SVG directly to a managed host over SSH. Application logs will not record JavaScript execution in the browser, so monitor instead for unexpected previews of .svg files, logins from unfamiliar addresses, and session or token use that does not match a user's normal activity. After upgrading, verify the fix by placing a benign canary SVG that contains an onload handler and an inline script on a managed host and previewing it: it must render as an inert image (or be refused) without executing any script.
Update Termix to version 1.10.0 or later. This version fixes the stored XSS vulnerability in the File Manager and prevents arbitrary JavaScript from executing when malicious SVG files are previewed.
CVE-2026-22804 is a Stored Cross-Site Scripting (XSS) vulnerability in the Termix File Manager component, allowing malicious SVG files to execute JavaScript in the application's context.
You are affected if you are running Termix versions 1.7.0 through 1.9.0. Upgrade to version 1.10.0 or later to mitigate the vulnerability.
Upgrade Termix to version 1.10.0 or later. As a temporary workaround, disable SVG file previews within the File Manager.
There are currently no reports of active exploitation, but a stored XSS in a server management console that brokers SSH access to many hosts is an attractive target, so treat the upgrade as urgent.
Refer to the Termix project's official website or GitHub repository for the latest security advisories and updates.