Cellopoint｜CelloOS - Improper Access Control
CVE-2026-12059

8.7HIGH

Key Information:

Vendor: Cellopoint
Status: Celloos
Vendor: CVE Published:; 12 June 2026

What is CVE-2026-12059?

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.

Affected Version(s)

CelloOS 0 < 4.8.0 Build 20260316

References

https://www.twcert.org.tw/tw/cp-132-10966-3258e-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10965-3ce75-2.html

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2026
Vulnerability Reserved
Jun 12, 2026

CVE-2026-12059 Data

JSON