Command Injection Vulnerability in BOSH Director by Cloud Foundry
CVE-2026-41010

8.7HIGH

Key Information:

Vendor
CVE Published:
4 June 2026

What is CVE-2026-41010?

The vulnerability in BOSH Director allows attackers to exploit command injection through crafted job names within uploaded tarballs. The paths for job directories and tar files are constructed using user-supplied data, which can include malicious shell metacharacters. Such exploitation can lead to unauthorized command execution on the system, potentially compromising its security. Users are advised to upgrade to BOSH Director version 282.1.12 or later to mitigate this risk.

Affected Version(s)

BOSH Director 0 < 282.1.12

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.