Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access. UsersSync#bosh_api_response_body builds a Net::HTTP client with verify_mode = OpenSSL::SSL::VERIFY_NONE for every director call (/info, /deployments, /deployments/<name>/vms).
Affected versions:
- BOSH: all versions prior to v282.1.9 (inclusive); fixed in v282.1.9 or later
AnalysisAI
Credential theft and authorization tampering in Cloud Foundry BOSH (versions prior to v282.1.9) stems from the nats-sync component disabling TLS certificate validation when contacting the BOSH director. An attacker positioned on the network between nats-sync and the director can intercept Basic auth headers or UAA client secrets and modify the VM list written into the NATS authorization file, ultimately gaining administrative director access. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Technical ContextAI
BOSH is the Cloud Foundry release-engineering and VM lifecycle tool that orchestrates deployments via a director API and uses NATS for messaging between the director and managed VMs. The nats-sync component periodically polls the director's /info, /deployments, and /deployments/<name>/vms endpoints to rebuild the NATS authorization file that gates which VMs may publish/subscribe on which subjects. The root cause is CWE-295 (Improper Certificate Validation): UsersSync#bosh_api_response_body constructs a Net::HTTP client with verify_mode = OpenSSL::SSL::VERIFY_NONE, so the TLS handshake completes against any certificate - including one presented by a man-in-the-middle - leaking the credentials carried in the request and accepting forged response bodies.
RemediationAI
Vendor-released patch: BOSH v282.1.9 - upgrade to v282.1.9 or later, which restores proper TLS certificate validation in the nats-sync director client, per the Cloud Foundry advisory at https://www.cloudfoundry.org/blog/cve-2026-41859-missing-tls-in-nats-sync/. If immediate upgrade is not possible, restrict the network path between nats-sync and the BOSH director to a trusted, isolated segment so that no attacker can interpose on the TCP flow (for example by collocating components, using a private management VLAN, or enforcing IPsec/WireGuard between the hosts); the trade-off is operational complexity and potential loss of flexibility in distributed deployments. Additionally, consider rotating any BOSH director Basic auth credentials and UAA client secrets used by nats-sync after patching, in case they were exposed to an on-path observer prior to the fix.
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34193
GHSA-cggw-g858-xx4w