CVE 8.7 HIGH

Cellopoint｜CelloOS – Improper Access Control_CVE-2026-12059

June 12, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.

AI Analysis

Improper Access Control vulnerability in CelloOS SSH service, allowing authenticated remote attackers to bypass command restrictions and execute operating system commands outside the authorized scope.

Basic Information

ID CVE-2026-12059

Source twcert

Published Jun 12, 2026 at 06:30

Affected Product

Vendor Cellopoint

Product CelloOS

Affected Versions Cellopoint CelloOS 0

CWE Classification

CWE-1284

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Cellopoint

Product CelloOS

References

{
    "lastseen": "",
    "description": "The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.",
    "published": "2026-06-12T06:30:54.990Z",
    "modified": "2026-06-12T06:30:54.990Z",
    "type": "cve",
    "title": "Cellopoint\uff5cCelloOS - Improper Access Control",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10966-3258e-1.html\nhttps://www.twcert.org.tw/en/cp-139-10965-3ce75-2.html",
    "id": "CVE-2026-12059",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1284"
    ],
    "cvelist": null,
    "sourceData": "Cellopoint CelloOS 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CelloOS",
    "version": "0",
    "vendor": "Cellopoint",
    "ai_description": "Improper Access Control vulnerability in CelloOS SSH service, allowing authenticated remote attackers to bypass command restrictions and execute operating system commands outside the authorized scope.",
    "ai_severity": "High",
    "ai_vendor": "Cellopoint",
    "ai_product": "CelloOS",
    "ai_version": "0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply