HIGH
CloudFoundry BOSH
CVE published 2026-07-09
CVE-2026-41857
A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh (or bosh scp/bosh logs -f) with default flags. This issue affects BOSH CLI versions prior to 7.10.5. The vulnerability arises from the BOSH CLI's handling of ssh commands, allowing a malicious director to inject commands. Users of Cloudfoundry Bosh Cli should be aware [truncated]