CVE-2026-12059

high

Description

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.

References

https://www.twcert.org.tw/tw/cp-132-10966-3258e-1.html

https://www.twcert.org.tw/en/cp-139-10965-3ce75-2.html

Details

Source: Mitre, NVD

Published: 2026-06-12

Updated: 2026-06-12

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H