Weak Random Number Generator in Bosh Windows Stemcell Builder by Cloud Foundry
CVE-2026-47831

7.7HIGH

What is CVE-2026-47831?

The Bosh Windows Stemcell Builder's implementation of the GenerateRandomPassword function uses a cryptographically weak random number generator, potentially enabling remote attackers to conduct brute-force attacks on SSH logins through TCP/22. This vulnerability affects all versions prior to v2019.98, underscoring the importance of secure password generation methods to protect sensitive system access.

Affected Version(s)

bosh-windows-stemcell-builder 0 < 2019.98

References

CVSS V4

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

CVSS V3.0

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.