Skip to main content

Bosh Cli Tool

1 CVEs product

Monthly

CVE-2026-47826 HIGH PATCH This Week

Arbitrary file write and information disclosure in the Cloud Foundry BOSH CLI tool (versions prior to v7.10.4) stems from insufficient sanitization of the path key inside blobs.yml, letting a crafted release blob spec escape the intended blobstore directory. When an operator syncs or downloads blobs from a malicious or tampered release, the CLI can write files to attacker-controlled locations on the host and expose sensitive files. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the vendor-assigned CVSS 4.0 base score is 8.5 (High).

Bosh Cli Tool Path Traversal
NVD VulDB
CVSS 4.0
8.5
EPSS
0.3%
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Arbitrary file write and information disclosure in the Cloud Foundry BOSH CLI tool (versions prior to v7.10.4) stems from insufficient sanitization of the path key inside blobs.yml, letting a crafted release blob spec escape the intended blobstore directory. When an operator syncs or downloads blobs from a malicious or tampered release, the CLI can write files to attacker-controlled locations on the host and expose sensitive files. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the vendor-assigned CVSS 4.0 base score is 8.5 (High).

Bosh Cli Tool Path Traversal
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy