PatchSiren cyber security CVE debrief
CVE-2026-12059 Cellopoint CVE debrief
CVE-2026-12059 is an Improper Access Control vulnerability in the SSH service of CelloOS developed by Cellopoint. The vulnerability allows authenticated remote attackers to bypass enforced command restrictions and execute operating system commands outside the originally authorized scope. The CVSS score for this vulnerability is 8.7, indicating a HIGH severity level.
- Vendor
- Cellopoint
- Product
- CelloOS
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Administrators and users of CelloOS developed by Cellopoint should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The SSH service of CelloOS has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by Cellopoint to fix the vulnerability.
- Restrict access to the SSH service to only trusted users and networks.
- Monitor SSH service logs for suspicious activity.
Evidence notes
The CVE record was published on 2026-06-12T07:16:19.780Z and modified on 2026-06-12T16:00:18.860Z. The vulnerability has a CVSS score of 8.7 and is classified as CWE-1284.
Official resources
CVE-2026-12059 was published on 2026-06-12T07:16:19.780Z and modified on 2026-06-12T16:00:18.860Z.