Local Authentication Bypass in BOSH Affects Cloud Foundry Users
CVE-2026-41860
7.1HIGH
What is CVE-2026-41860?
A vulnerability in BOSH allows local attackers to exploit hardcoded SSL verification settings, leading to potential interception of Basic-auth credentials and token requests. This could facilitate man-in-the-middle (MITM) attacks, exposing sensitive authentication data. Users are encouraged to upgrade to BOSH version 282.1.9 or later to mitigate this risk and ensure secure communications.
Affected Version(s)
BOSH 0 < 282.1.9
