CVE-2026-12059

Summary

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.

Affected Software

VendorProductVersion RangeStatus
CellopointCelloOS0 < 4.8.0 Build 20260316affected

Weaknesses

  • CWE-1284: CWE-1284 Improper validation of specified quantity in input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References