| TVN ID | TVN-202606002 |
|---|---|
| CVE ID | CVE-2026-12059 |
| CVSS | 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | CelloOS version before 4.8.0 Build 20260316 |
| Description | The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope. |
| Solution | Systems connected to the vendor update service received vendor-side remediation on 2026-03-18. Systems that are offline, isolated, or otherwise unable to receive remote patches should be manually updated to any fixed release made available on or after 2026-03-18. |
| Credit | nz, Ting-Wei Hsieh, yc(CHT Security) |
| Public Date | 2026-06-12 |
:::