CVE-2026-47829 is an Argument Injection vulnerability in bosh-cli. A compromised BOSH Director can inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs certain non-interactive SSH commands, leading to local command execution on the operator's workstation. This issue affects bosh-cli versions prior to v7.10.4. The vulnerability allows for the execution of arbitrary co [truncated]
HIGHCloudFoundry FoundationCVE published 2026-07-09
The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions are BOSH CLI tool versions prior to v7.10.4. This vulnerability has a CVSS score of 8.5 and is classified as HIGH severity. The vulnerability is caused by a path traversal issue in the blobs.yml file of the BOSH CLI tool. Users of BOSH CLI [truncated]