All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-12059
HIGHpublished 2026-06-12 07:16 UTC · 13 days ago · modified 2026-06-12 16:00 UTC
8.7
CVSS / 10
// description
The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.
// cvss 4.0 vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
// weaknesses (CWE)
- CWE-1284