Security Risk Category

ssh Security Risks

Published vulnerability pages connected to ssh. One risk can appear in multiple categories while keeping one canonical page.

ssh risks

Showing 4 of 4 published risks.

highEPSS 0.001

BOSH CLI Compromised Director Operator Workstation Command Execution Vulnerability

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh (or bosh scp/bosh logs -f) with default flags. Affected versions: BOSH CLI versions prior to 7.10.5.

CVE-2026-41857cloud-foundryboshclicommand-execution

Updated Jul 10, 2026

highEPSS 0.003

BOSH CLI OpenSSH Argument Injection Vulnerability

Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affected versions: bosh-cli versions prior to v7.10.4.

CVE-2026-47829cloud-foundryboshcliargument-injection

Updated Jul 10, 2026

highEPSS 0.002

BOSH Windows Stemcell Builder Weak Random Password Vulnerability

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98.

CVE-2026-47831cloud-foundryboshwindows-stemcellweak-randomness

Updated Jul 10, 2026

mediumEPSS 0.002

Nozomi Guardian SSH Keys Synchronization Missing Authentication Vulnerability

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys.

CVE-2026-31983nozomi-networksguardiansshmissing-authentication

Updated Jul 10, 2026