Command Restriction Bypass in Cellopoint CelloOS SSH Service

Successful exploitation allows an authenticated remote attacker to escape the intended command restrictions enforced by the CelloOS SSH service and run unauthorized operating system commands. This can compromise confidentiality, integrity, and availability, as reflected by the published CVSS vectors, because the attacker may access data, modify system state, or disrupt service operation beyond the privileges intended by the restricted SSH configuration.

Until a patch is applied, limit or disable SSH access for accounts subject to command restriction policies, restrict SSH exposure to trusted management networks only, and minimize the number of users with SSH access. Monitor SSH activity for attempts to execute commands outside expected administrative workflows, and review account permissions and forced-command or restricted-shell configurations to reduce exposure. If feasible, temporarily disable affected restricted SSH functionality or replace it with a more tightly controlled administrative access path.

Apply the vendor-provided fix or updated version of Cellopoint CelloOS that addresses CVE-2026-12059, as referenced by the associated TWCERT/CC advisory. Because the vulnerability is in the SSH service access-control enforcement, remediation should include updating the affected SSH service/component so that command restrictions are correctly enforced for authenticated users.