Severity by source
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name returns @job_meta['name'], a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolated into a shell string: Bosh::Common::Exec.sh("tar -C #{job_dir} -xf #{job_tgz} 2>&1", :on_error => :return). Bosh::Common::Exec.sh executes via %x{#{command}} (bosh-common/lib/bosh/common/exec.rb:53), i.e. /bin/sh -c, so any shell metacharacters in name are interpreted. FileUtils.mkdir_p(job_dir) on line 49 creates the literal directory (no shell) and succeeds even when the name contains $()/;, so execution reaches the sh call.
Affected versions:
- BOSH Director: all versions prior to v282.1.12 (inclusive); fixed in v282.1.12 or later
AnalysisAI
Command injection in Cloud Foundry BOSH Director (all versions prior to v282.1.12) allows an authenticated release uploader to achieve arbitrary OS command execution on the Director by embedding shell metacharacters in the jobs[].name field of a release.MF manifest inside an uploaded tarball. The unsafe value flows from ReleaseJob#unpack into a /bin/sh -c invocation via Bosh::Common::Exec.sh, so payloads such as $(...) or ; are interpreted by the shell during release unpacking. No public exploit identified at time of analysis; no CISA KEV listing, but the Cloud Foundry Foundation has published an advisory and a fixed release.
Technical ContextAI
BOSH is the Cloud Foundry release-engineering and deployment tool that manages VM/container lifecycles across IaaS providers; the Director is its central orchestration component. The vulnerable code path is in jobs/release_job.rb (ReleaseJob#unpack), which composes job_dir and job_tgz with File.join using @job_meta['name'] read straight from the attacker-controlled release.MF YAML, then interpolates both paths into a tar command passed to Bosh::Common::Exec.sh. That helper executes its argument through Ruby's %x{} backticks (bosh-common/lib/bosh/common/exec.rb:53), which spawn /bin/sh -c and therefore evaluate metacharacters like $(), backticks, ;, and |. FileUtils.mkdir_p tolerates these characters at the filesystem layer, so the malicious value survives long enough to reach the shell. This is a textbook CWE-78 (OS Command Injection) caused by mixing untrusted manifest data with string-built shell commands rather than using an argv-array exec form.
RemediationAI
Vendor-released patch: BOSH Director v282.1.12 - upgrade the Director (and any HA/standby Directors) to v282.1.12 or later as documented at https://www.cloudfoundry.org/blog/cve-2026-41010-release-job-name-command-injection-on-bosh-director/. As a compensating control until the upgrade is deployed, tightly restrict who holds bosh.releases.upload (or equivalent UAA scope) and revoke release-upload permissions from shared CI service accounts, since exploitation requires the ability to upload a malicious release tarball; this has the side effect of breaking automated release pipelines that depend on those accounts. Additionally, review and lock down ingress to the Director API so only trusted jumpboxes/CI runners can reach it, and audit recent release uploads for jobs whose name field contains shell metacharacters ($, `, ;, |, &, newline) as an indicator of attempted exploitation.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34198
GHSA-gmvv-r68v-m7x9