highCVE-2026-47829

BOSH CLI OpenSSH Argument Injection Vulnerability

Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affected versions: bosh-cli versions prior to v7.10.4.

ProductBOSH CLI
CVSS7.7
EPSS0.00293
UpdatedJuly 10, 2026

Quick answer

Cloud Foundry Foundation BOSH CLI should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • bosh-cli versions prior to v7.10.4

Fixed versions

  • v7.10.4

How to fix it

BOSH CLI before v7.10.4 could pass attacker-controlled OpenSSH arguments when an operator used SSH-related commands against a compromised Director. Upgrade the CLI on every operator workstation and automation runner, then review commands and credentials used against untrusted Directors.

  1. Inventory BOSH CLI versions on administrator laptops, jump boxes, CI runners, and automation hosts.
  2. Upgrade BOSH CLI to v7.10.4 or a later vendor-supported release everywhere operators run bosh ssh, bosh logs, or related commands.
  3. Avoid running SSH-related BOSH CLI commands against untrusted or suspected-compromised Directors until the CLI is upgraded.
  4. Review recent bosh ssh -c, bosh logs -f, and similar command usage for unexpected local command execution behavior.
  5. Rotate BOSH Director credentials, SSH keys, UAA tokens, and CI secrets if an operator workstation may have been exposed.
  6. Limit BOSH Director access to trusted management networks and require strong operator authentication.
  7. Document the minimum allowed BOSH CLI version in workstation and CI baseline checks.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm every operator environment reports BOSH CLI v7.10.4 or later.
  • Test SSH-related BOSH commands against a trusted Director and confirm no unexpected local OpenSSH options are accepted.
  • Review shell history, terminal logs, and endpoint telemetry for unexpected command execution during BOSH operations.
  • Verify old BOSH credentials and SSH keys were rotated where exposure was possible.
  • Run a Fixnx scan and confirm BOSH management interfaces are not publicly reachable.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-47829?

Cloud Foundry Foundation BOSH CLI versions listed as affected should be reviewed: bosh-cli versions prior to v7.10.4.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.