【Vulnerability Alert】BasePoint Information|CelloOS - Improper Access Control

publish date : 2026-06-22 update date : 2026-06-22

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2026061601061212 Publication Time 2026-06-16 13:33:12
Incident Type ANA-Vulnerability Alert Discovery Time 2026-06-16 13:33:12
Impact Level Low  
[Subject]
【Vulnerability Alert】BasePoint Information|CelloOS - Improper Access Control
[Content]

Forwarded from TWCERTCC-200-202606-00000013

【BasePoint Information|CelloOS - Improper Access Control】(CVE-2026-12059, CVSS: 8.8) The SSH service of CelloOS developed by BasePoint Information has an Improper Access Control vulnerability. An authenticated remote attacker may bypass the original command restriction mechanism and thereby execute unauthorized operating system commands.

Information Sharing Level: WHITE (the intelligence content is information that may be publicly disclosed)
[Affected Platform]

CelloOS versions earlier than 4.8.0 Build 20260316, not inclusive
[Recommended Actions]

The original manufacturer performed online patching on 2026/3/18.
For systems that cannot receive online patches due to being offline, isolated, or for other reasons,
they should be manually updated to a patched version released on or after 2026/3/18.

[Reference]
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center