Ghostwire

CVE-2026-12059: The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated...

HIGH CVSS 8.8 Exploit Available

Published: June 12, 2026 | Last Modified: June 12, 2026

Description

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References

www.twcert.org.tw/en/cp-139-10965-3ce75-2.html
www.twcert.org.tw/tw/cp-132-10966-3258e-1.html
www.tenable.com/cve/CVE-2026-12059
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-12059