Known Vulnerabilities for BOSH CLI by CloudFoundry BOSH
Listed below are 10 of the newest known vulnerabilities associated with "BOSH CLI" by "CloudFoundry BOSH".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-47831 json | Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-build... | Not Provided | 2026-07-09 | 2026-07-09 |
| CVE-2026-47830 json | Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authe... | Not Provided | 2026-07-09 | 2026-07-09 |
| CVE-2026-47829 json | Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawne... | Not Provided | 2026-07-09 | 2026-07-09 |
| CVE-2026-47828 json | During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's ... | Not Provided | 2026-07-09 | 2026-07-09 |
| CVE-2026-47826 json | The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrat... | Not Provided | 2026-07-09 | 2026-07-09 |
| CVE-2026-41860 json | CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestH... | Not Provided | 2026-06-04 | 2026-06-04 |
| CVE-2026-41859 json | A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or ... | Not Provided | 2026-06-04 | 2026-06-04 |
| CVE-2026-41858 json | Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-rele... | Not Provided | 2026-06-04 | 2026-06-04 |
| CVE-2026-41857 json | A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator... | Not Provided | 2026-07-09 | 2026-07-09 |
| CVE-2026-41704 json | AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every respons... | Not Provided | 2026-05-27 | 2026-05-27 |