{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-12059: Cellopoint｜CelloOS - Improper Access Control","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-12059","status":"final","version":"1","initial_release_date":"2026-06-12T06:30:54.990Z","current_release_date":"2026-06-12T13:58:36.862Z","revision_history":[{"date":"2026-06-12T06:30:54.990Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-12059 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-12059"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-12059"},{"category":"external","summary":"twcert.org.tw","url":"https://www.twcert.org.tw/tw/cp-132-10966-3258e-1.html"},{"category":"external","summary":"twcert.org.tw","url":"https://www.twcert.org.tw/en/cp-139-10965-3ce75-2.html"}]},"product_tree":{"branches":[{"category":"vendor","name":"Cellopoint","branches":[{"category":"product_name","name":"CelloOS","branches":[{"category":"product_version_range","name":"<4.8.0 Build 20260316","product":{"name":"Cellopoint CelloOS <4.8.0 Build 20260316","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:cellopoint:celloos:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-12059","title":"Cellopoint｜CelloOS - Improper Access Control","notes":[{"category":"description","text":"The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"]},"scores":[{"cvss_v4":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","baseScore":8.7,"baseSeverity":"HIGH"},"products":["CSAFPID-1"]}],"remediations":[{"category":"vendor_fix","details":"Update to a fixed version: 4.8.0 Build 20260316.","product_ids":["CSAFPID-1"]}]}]}