Argument Injection Vulnerability in bosh-cli Affects Cloud Foundry
CVE-2026-47829

7.7HIGH

Key Information:

Status
Vendor
CVE Published:
9 July 2026

What is CVE-2026-47829?

The bosh-cli tool for Cloud Foundry is susceptible to an argument injection vulnerability that enables a compromised BOSH Director to inject arbitrary OpenSSH options. This injection occurs when operators execute commands such as 'bosh ssh -c' or 'bosh logs -f', leading to unauthorized local command execution on the operator's workstation. This type of vulnerability highlights the importance of maintaining updated software versions and ensuring secure configurations to protect against potential exploitation.

Affected Version(s)

bosh-cli 0 < 7.10.4

References

CVSS V4

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

CVSS V3.0

Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.