Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (line 332-338) and passes it to download_and_delete_blob. Separately, any response containing 'exception' goes through format_exception (lines 308-325), which reads exception['blobstore_id'] and also calls download_and_delete_blob. That helper (lines 344-349) calls ResourceManager#get_resource(blob_id) and, in an ensure block, ResourceManager#delete_resource(blob_id). ResourceManager (resource_manager.rb:62-70) calls blobstore.delete(id) on the single shared Director blobstore with no UUID-format check, no ownership check, and no namespace prefix.
Affected versions: BOSH Director: All versions prior to v282.1.12
AnalysisAI
Arbitrary blobstore deletion in BOSH Director allows a compromised, high-privileged BOSH-managed VM to delete any object from the shared Director blobstore by injecting crafted NATS reply messages. All BOSH Director versions prior to v282.1.12 are affected, with the root cause being a complete absence of UUID-format validation, ownership checks, and namespace prefixing in ResourceManager before executing blobstore.delete(). An attacker leveraging this post-compromise path can corrupt or destroy deployment artifacts, compiled packages, and release binaries relied upon by dependent deployments, producing cascading availability failures across the BOSH environment. No public exploit or active exploitation has been identified at time of analysis; SSVC confirms exploitation status as none.
Technical ContextAI
BOSH is a Cloud Foundry/VMware cloud infrastructure automation platform that manages VMs via a NATS message bus. The Director's AgentClient#handle_method (lines 264-303) processes every inbound NATS reply. Two distinct code paths both resolve to the same vulnerable sink: inject_compile_log (line 273) reads response['value']['result']['compile_log_id'] and calls download_and_delete_blob, while format_exception (lines 308-325) reads exception['blobstore_id'] and calls the same helper. The download_and_delete_blob helper (lines 344-349) invokes ResourceManager#get_resource and, in an ensure block, ResourceManager#delete_resource. ResourceManager (resource_manager.rb:62-70) calls blobstore.delete(id) directly on the single shared Director blobstore instance with no UUID-format check, no ownership verification, and no namespace prefix enforcement. CWE-284 (Improper Access Control) accurately describes the root cause: the system permits an operation - arbitrary blob deletion - that should require proof of ownership or scope but has no such gate.
RemediationAI
The primary fix is to upgrade BOSH Director to v282.1.12 or later, which resolves the missing ownership and format validation in ResourceManager's blobstore deletion path. The fix version v282.1.12 is confirmed by both the Cloud Foundry vendor advisory and the ENISA EUVD record (EUVD-2026-32108); the advisory is at https://www.cloudfoundry.org/blog/cve-2026-41704-compromised-vm-can-make-arbitrary-blobstore-deletes/. If immediate patching is not feasible, a targeted compensating control is to implement network segmentation restricting NATS message bus publish access so that only authorized BOSH agents can send replies the Director processes - this limits the blast radius if a VM is compromised, though it requires careful testing as NATS communication is central to normal BOSH agent operation and misconfiguration will disrupt deployments. Additionally, enabling blobstore access logging and alerting on anomalous deletion volume can provide detection coverage for active exploitation attempts. No workaround eliminates the root cause; patching to v282.1.12 is the only confirmed remediation.
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. R
Command injection in Cloud Foundry BOSH versions prior to v282.1.12 allows an attacker who can upload a release tarball
Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prio
Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials w
Path traversal in BOSH Director allows a compromised BOSH agent to cause the Director to read and delete arbitrary files
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32108
GHSA-mhvf-vxjh-cwwp