Skip to main content

BOSH CLI EUVDEUVD-2026-42505

| CVE-2026-41857 HIGH
OS Command Injection (CWE-78)
2026-07-09 vmware GHSA-xf9x-r7gm-j3j6
7.1
CVSS 4.0 · Vendor: vmware
Share

Severity by source

Vendor (vmware) PRIMARY
7.1 HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Payload is delivered over the network from the Director (AV:N) but needs a preexisting Director compromise plus operator action, so AC:H and UI:R; full workstation compromise gives C/I/A:H.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (vmware).

CVSS VectorVendor: vmware

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

2
Patch available
Jul 09, 2026 - 07:01 EUVD
Analysis Generated
Jul 09, 2026 - 05:59 vuln.today

DescriptionCVE.org

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh (or bosh scp/bosh logs -f) with default flags. Affected versions: BOSH CLI versions prior to 7.10.5.

AnalysisAI

Arbitrary command execution on operator workstations in Cloud Foundry BOSH CLI before 7.10.5 allows a compromised or malicious BOSH Director to inject and run shell commands locally when an operator invokes bosh ssh, bosh scp, or bosh logs -f with default flags. Because the CLI trusts director-supplied data and passes it into a shell, a controlled director turns a routine operator action into local code execution on the trusted management host. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Compromise or impersonate BOSH Director
Delivery
Plant malicious connection metadata
Exploit
Operator runs bosh ssh with default flags
Execution
CLI builds shell command from director data
Persist
Injected commands execute on workstation
Impact
Pivot using operator credentials

Vulnerability AssessmentAI

Exploitation Exploitation requires two concrete prerequisites drawn directly from the description: (1) the BOSH Director the CLI connects to must be compromised or malicious - a benign Director cannot trigger this, and (2) the operator must actively run one of the specific commands bosh ssh, bosh scp, or bosh logs -f with default flags, so the flaw fires under default configuration once those commands are used. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 7.1 (AV:L/AC:L/AT:P/PR:N/UI:A) reflects a meaningful but conditional risk: exploitation is not automatable and hinges on a preexisting compromise of the Director (AT:P attack requirement) plus an active operator action (UI:A). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has compromised a BOSH Director (or stands up a rogue one that an operator is lured into targeting) plants malicious connection metadata that the CLI will interpret. When the operator runs bosh ssh with default flags to reach a deployment VM, the CLI builds a local shell command from that director-supplied data and executes the attacker's injected commands on the operator's workstation. …
Remediation Upgrade the BOSH CLI on every operator workstation and CI/automation host to version 7.10.5 or later (Vendor-released patch: 7.10.5), per the Cloud Foundry advisory at https://www.cloudfoundry.org/blog/cve-2026-41857-bosh-cli-shell-injection/. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all BOSH CLI deployments and identify instances running versions before 7.10.5. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42505 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy