CVE-2026-12059

Vulnerability

The SSH service in CelloOS, developed by Cellopoint, contains an Improper Access Control vulnerability. Versions before 4.8.0 Build 20260316 are affected [1][2]. Authenticated remote users can bypass the intended command restrictions imposed by the SSH service, gaining the ability to execute arbitrary operating system commands outside the originally authorized scope.

Exploitation

An attacker must have valid credentials and network access to the SSH service. No additional user interaction is required. The attacker authenticates to the SSH service and then sends commands that circumvent the enforced restrictions, allowing execution of arbitrary OS commands.

Impact

Successful exploitation allows an authenticated remote attacker to execute arbitrary operating system commands with the privileges of the SSH service. This leads to a complete compromise of confidentiality, integrity, and availability (CIA) of the affected system, as the attacker can read, modify, or delete data and potentially escalate privileges.

Mitigation

The vendor released a fix on 2026-03-18. Systems connected to the vendor update service received the remediation automatically on that date [1]. For offline, isolated, or systems otherwise unable to receive remote patches, administrators should manually update to a fixed release made available on or after 2026-03-18 [2]. No workarounds are mentioned in the advisories.