CVE-2026-12059 | THREATINT

Description

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.

PUBLISHED Reserved 2026-06-12 | Published 2026-06-12 | Updated 2026-06-12 | Assigner twcert

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-1284 Improper validation of specified quantity in input

Product status

Default status

unaffected

Any version before 4.8.0 Build 20260316

affected

References

www.twcert.org.tw/tw/cp-132-10966-3258e-1.html third-party-advisory

www.twcert.org.tw/en/cp-139-10965-3ce75-2.html third-party-advisory

cve.org (CVE-2026-12059)

nvd.nist.gov (CVE-2026-12059)

Download JSON