Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-41857 | 1 Cloudfoundry | 1 Bosh Cli | 2026-07-13 | N/A | 7.8 HIGH |
| A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh (or bosh scp/bosh logs -f) with default flags. Affected versions: BOSH CLI versions prior to 7.10.5. | |||||
| CVE-2026-47826 | 1 Cloudfoundry | 1 Bosh Cli | 2026-07-13 | N/A | 9.1 CRITICAL |
| The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4. | |||||
| CVE-2026-47828 | 1 Cloudfoundry | 1 Bosh Cli | 2026-07-13 | N/A | 8.8 HIGH |
| During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network attacker can terminate the TLS connection, harvest the Basic-auth credentials, and read the rendered-templates archive containing every bootstrap secret for the new BOSH Director, then replay the credentials against the real VM's agent for root code execution. Affected versions: bosh-cli versions prior to v7.10.4. | |||||
| CVE-2026-47829 | 1 Cloudfoundry | 1 Bosh Cli | 2026-07-13 | N/A | 7.8 HIGH |
| Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affected versions: bosh-cli versions prior to v7.10.4. | |||||
