Argument Injection Vulnerability in bosh-cli Affects Cloud Foundry
CVE-2026-47829
7.7HIGH
What is CVE-2026-47829?
The bosh-cli tool for Cloud Foundry is susceptible to an argument injection vulnerability that enables a compromised BOSH Director to inject arbitrary OpenSSH options. This injection occurs when operators execute commands such as 'bosh ssh -c' or 'bosh logs -f', leading to unauthorized local command execution on the operator's workstation. This type of vulnerability highlights the importance of maintaining updated software versions and ensuring secure configurations to protect against potential exploitation.
Affected Version(s)
bosh-cli 0 < 7.10.4
References
CVSS V4
Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown
CVSS V3.0
Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
