Severity by source
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient. inject_compile_log (line 332-339) reads response['value']['result']['compile_log_id'] and format_exception (line 318-325) reads exception['blobstore_id']; both pass the agent-supplied string unmodified to download_and_delete_blob(blob_id) (line 344-349), which calls @resource_manager.get_resource(blob_id) and, in an ensure block, @resource_manager.delete_resource(blob_id). Api::ResourceManager forwards the id straight to blobstore.get(id) / blobstore.delete(id). When the director is configured with the local blobstore provider, Blobstore::LocalClient#object_file_path(oid) is File.join(@blobstore_path, oid) (local_client.rb:54-56) with no normalisation, so oid = "../../jobs/director/config/director.yml" resolves outside the blobstore root.
Affected versions: BOSH Director: All versions prior to v282.1.12
AnalysisAI
Path traversal in BOSH Director allows a compromised BOSH agent to cause the Director to read and delete arbitrary files outside the blobstore root on the Director host filesystem. When the Director processes long-running operations such as compile_package and is configured with the local blobstore provider, agent-supplied blob IDs in the reply JSON are passed unmodified into filesystem path construction, enabling traversal strings like '../../jobs/director/config/director.yml' to resolve to sensitive files. No public exploit exists and no active exploitation has been identified; the CVSS 4.0 score of 4.3 reflects the significant prerequisite barriers including high privilege requirements and a specific non-default configuration.
Technical ContextAI
BOSH is the Cloud Foundry infrastructure deployment tool; the Director orchestrates agents running on managed VMs. For long-running tasks, AgentClient reads the agent's JSON reply and processes blob identifiers via two code paths: inject_compile_log (local_client.rb lines 332-339) reading response['value']['result']['compile_log_id'], and format_exception (lines 318-325) reading exception['blobstore_id']. Both paths call download_and_delete_blob (lines 344-349), which invokes Api::ResourceManager to call blobstore.get(id) followed by blobstore.delete(id) in an ensure block - meaning both operations always execute regardless of success. When the local blobstore provider is active, Blobstore::LocalClient#object_file_path constructs paths with File.join(@blobstore_path, oid) (local_client.rb:54-56) without any normalization, canonicalization, or prefix validation. CWE-22 (Path Traversal) is the root cause: user-controlled input is concatenated directly into a trusted filesystem base path, allowing '../' sequences to escape the blobstore directory. The vulnerability is exclusive to deployments using the local blobstore provider; cloud blobstore backends (S3, Azure Blob, GCS) are unaffected because their object IDs are not resolved as filesystem paths.
RemediationAI
The primary fix is to upgrade BOSH Director to v282.1.12 or later; this is a vendor-released patch confirmed by the Cloud Foundry advisory at https://www.cloudfoundry.org/blog/cve-2026-41009-local-blobstore-may-allow-arbitrary-reads-deletes/. If an immediate upgrade is not feasible, a highly effective compensating control is to migrate from the local blobstore provider to a remote blobstore backend (S3, Azure Blob, GCS), as the path traversal is specific to Blobstore::LocalClient's filesystem path construction and does not apply to object-store backends - note that this migration requires Director reconfiguration and a blobstore migration procedure which may involve downtime. A secondary defensive measure is to restrict which agent VMs can be registered with the Director and to harden agent VM access to reduce the prerequisite of agent compromise; however, this does not eliminate the underlying code vulnerability and is not a substitute for patching. Filesystem-level controls such as running the Director process under a user with restricted read/write scope outside the blobstore directory can reduce blast radius but cannot fully prevent traversal if the Director process requires access to configuration files in adjacent directories.
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. R
Command injection in Cloud Foundry BOSH versions prior to v282.1.12 allows an attacker who can upload a release tarball
Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prio
Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials w
Arbitrary blobstore deletion in BOSH Director allows a compromised, high-privileged BOSH-managed VM to delete any object
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32098
GHSA-gq7j-4834-ccgp