CVE-2026-12059
8.8 HIGHThe SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers ...
Published: 2026-06-12 · Last updated: 2026-06-12
Severity and scoring
- CVSS
- 8.8 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-1284
Description
The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-49110 — Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions (7.5 HIGH)
- CVE-2026-49078 — Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions (7.5 HIGH)
- CVE-2026-45441 — Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions (7.5 HIGH)
- CVE-2026-42657 — Unauthenticated Other Vulnerability Type in Contest Gallery <= 28.1.7 versions (5.3 MEDIUM)
- CVE-2026-11596 — In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user ... (4.7 MEDIUM)