Shell Injection Vulnerability in BOSH CLI by Cloud Foundry
CVE-2026-41857
7.1HIGH
What is CVE-2026-41857?
A security vulnerability in BOSH CLI enables a compromised BOSH Director to execute arbitrary shell commands on an operator's workstation when commands such as bosh ssh, bosh scp, or bosh logs -f are run with default settings. This could lead to significant security risks if an attacker can manipulate the environment or the command being executed, particularly on systems running vulnerable versions prior to 7.10.5.
Affected Version(s)
BOSH CLI 0 < 7.10.5
References
CVSS V4
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown
CVSS V3.0
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
