Severity by source
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name = package_meta['name'] comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x{} - i.e., /bin/sh -c. No Shellwords.escape is applied. The Models::Package Sequel validation (VALID_ID = /^[-0-9A-Za-z_+.]+$/i) would reject the name, but in create_package (lines 74-79) the shell-out in save_package_source_blob runs before package.save, so validation fires too late.
Affected versions:
- BOSH: all versions prior to v282.1.12 (inclusive); fixed in v282.1.12 or later
AnalysisAI
Command injection in Cloud Foundry BOSH versions prior to v282.1.12 allows an attacker who can upload a release tarball to execute arbitrary shell commands on the BOSH Director host by embedding shell metacharacters in the package name field of the release.MF manifest. The flaw stems from PackagePersister.validate_tgz interpolating the unsanitized name into a tar -tf invocation executed through /bin/sh -c, with model-level validation occurring only after the shell-out. No public exploit identified at time of analysis, and the bug is not listed in CISA KEV.
Technical ContextAI
BOSH is the Cloud Foundry Foundation's release engineering, deployment, and lifecycle management tool used to deploy and manage distributed systems such as Cloud Foundry itself. The defect is a classic CWE-78 (OS Command Injection): the Ruby helper Bosh::Common::Exec.sh wraps %x{...}, which spawns /bin/sh -c, and PackagePersister.validate_tgz constructs the command string with raw interpolation of package_meta['name'] taken straight from the user-supplied release.MF inside the uploaded tarball. Although Models::Package defines VALID_ID = /^[-0-9A-Za-z_+.]+$/i to reject dangerous names, create_package (lines 74-79) invokes save_package_source_blob - which triggers the shell-out - before package.save runs validation, so Sequel's check never fires in time to block injection. Shellwords.escape is also not applied.
RemediationAI
Vendor-released patch: BOSH v282.1.12 - upgrade the BOSH Director to v282.1.12 or later as the primary fix, per the Cloud Foundry advisory at https://www.cloudfoundry.org/blog/cve-2026-41011-package-name-command-injection/. Until upgrade is possible, restrict who can upload BOSH releases by tightening UAA scopes and team membership so only fully trusted operators hold bosh.releases.upload / admin authority, and gate uploads through an out-of-band review that inspects release.MF for shell metacharacters in package name fields before the tarball reaches the Director; both controls slow legitimate release workflows and are not a substitute for patching. Monitor Director audit logs for unexpected child processes spawned under the tar -tf code path as a detective control.
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. R
Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prio
Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials w
Arbitrary blobstore deletion in BOSH Director allows a compromised, high-privileged BOSH-managed VM to delete any object
Path traversal in BOSH Director allows a compromised BOSH agent to cause the Director to read and delete arbitrary files
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34197
GHSA-96vc-39m3-22w5