Known Vulnerabilities for BOSH by Cloud Foundry Foundation
Listed below are 7 of the newest known vulnerabilities associated with "BOSH" by "Cloud Foundry Foundation".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41860 | CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestH... | Not Provided | 2026-06-04 | 2026-06-04 |
| CVE-2026-41859 | A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or ... | Not Provided | 2026-06-04 | 2026-06-04 |
| CVE-2026-41858 | Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-rele... | Not Provided | 2026-06-04 | 2026-06-04 |
| CVE-2026-41704 | AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every respons... | Not Provided | 2026-05-27 | 2026-05-27 |
| CVE-2026-41011 | PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and ... | Not Provided | 2026-06-04 | 2026-06-04 |
| CVE-2026-41010 | ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{nam... | Not Provided | 2026-06-04 | 2026-06-04 |
| CVE-2026-41009 | When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient. inj... | Not Provided | 2026-05-27 | 2026-05-27 |