Security Risk Category

bosh-cli Security Risks

Published vulnerability pages connected to bosh-cli. One risk can appear in multiple categories while keeping one canonical page.

bosh-cli risks

Showing 4 of 4 published risks.

highEPSS 0.001

BOSH CLI Compromised Director Operator Workstation Command Execution Vulnerability

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh (or bosh scp/bosh logs -f) with default flags. Affected versions: BOSH CLI versions prior to 7.10.5.

CVE-2026-41857cloud-foundryboshclicommand-execution

Updated Jul 10, 2026

highEPSS 0.003

BOSH CLI blobs.yml Path Traversal Vulnerability

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4.

CVE-2026-47826cloud-foundryboshclipath-traversal

Updated Jul 10, 2026

highEPSS 0.001

BOSH CLI DAV Blobstore TLS Certificate Verification Bypass Vulnerability

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network attacker can terminate the TLS connection, harvest the Basic-auth credentials, and read the rendered-templates archive containing every bootstrap secret for the new BOSH Director, then replay the credentials against the real VM's agent for root code execution. Affected versions: bosh-cli versions prior to v7.10.4.

CVE-2026-47828cloud-foundryboshclitls

Updated Jul 10, 2026

highEPSS 0.003

BOSH CLI OpenSSH Argument Injection Vulnerability

Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affected versions: bosh-cli versions prior to v7.10.4.

CVE-2026-47829cloud-foundryboshcliargument-injection

Updated Jul 10, 2026