CVE-2026-12059: Cellopoint|CelloOS - Improper Access Control
The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.
Metrics
- CVSS v4.0: 8.7
- Severity: HIGH
- Fixed in: 4.8.0 Build 20260316
- Affected Products: 1
HarborGuard Analysis
Synopsis
Improper access control in the SSH service of CelloOS (by Cellopoint) allows an authenticated remote attacker to bypass enforced command restrictions and run arbitrary operating system commands outside the originally permitted scope. The vulnerability is reachable over the network and requires only a low-privilege account, with no victim interaction needed. Successful exploitation gives the attacker full read, write, and availability impact on the vulnerable host. A patched-image rebuild at version 4.8.0 Build 20260316 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-12059 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle CelloOS. Any image running a CelloOS version below 4.8.0 Build 20260316 is flagged automatically in both registry scans and CI/CD pipeline checks.
HarborGuard is capable of scoring this finding at CVSS 8.7 (High, v4.0) and weighting it against each customer environment's compliance policy before routing the alert to the appropriate team inbox. Per-environment context, such as whether the SSH service is exposed to untrusted networks, can be applied to prioritize triage queues accordingly.
A patched-image rebuild at CelloOS 4.8.0 Build 20260316 becomes available in HarborGuard the moment the fix version is confirmed against the customer's image manifest. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test pass, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
  The SSH service must be reachable over the network; an attacker targets the exposed service from a remote host.
- Authentication: Required
  A valid account is needed to reach the vulnerable code path, but any low-privilege credential is sufficient.
- Victim interaction: Not required
  No user action or social engineering is needed; the attacker operates entirely on their own.
- Attack complexity: Detail
  The exploit is reliable and condition-free, with no race conditions or environmental factors required.
Blast Radius
- Reads sensitive files, credentials, and configuration data stored on the host.
- Writes or modifies files and system configuration outside the SSH command restrictions originally enforced.
- Executes arbitrary OS commands, enabling persistence mechanisms, lateral movement, or data exfiltration.
- Disrupts or terminates system services, causing a denial of service on the affected host.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-12059 is active across all customer image scanning pipelines, and a patched-image rebuild at CelloOS 4.8.0 Build 20260316 is available for any environment where an affected version is identified. For customers who opt into auto-remediation, HarborGuard can rebuild the image, run a regression test suite, and open a pull request against affected workloads; for high-severity issues, the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Customers who have not yet opted into auto-remediation are advised to prioritize upgrading to 4.8.0 Build 20260316, restrict SSH access to trusted source addresses via network policy, and audit existing low-privilege accounts for unexpected command execution history.
Fix available
- Cellopoint / CelloOS: < 4.8.0 Build 20260316 (from 0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N