Command Injection Vulnerability in BOSH Director by Cloud Foundry
CVE-2026-41010
8.7HIGH
What is CVE-2026-41010?
The vulnerability in BOSH Director allows attackers to exploit command injection through crafted job names within uploaded tarballs. The paths for job directories and tar files are constructed using user-supplied data, which can include malicious shell metacharacters. Such exploitation can lead to unauthorized command execution on the system, potentially compromising its security. Users are advised to upgrade to BOSH Director version 282.1.12 or later to mitigate this risk.
Affected Version(s)
BOSH Director 0 < 282.1.12
