PatchSiren

CloudFoundry Foundation CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH CloudFoundry Foundation CVE published 2026-07-09

CVE-2026-47829

CVE-2026-47829 is an Argument Injection vulnerability in bosh-cli. A compromised BOSH Director can inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs certain non-interactive SSH commands, leading to local command execution on the operator's workstation. This issue affects bosh-cli versions prior to v7.10.4. The vulnerability allows for the execution of arbitrary co [truncated]

HIGH CloudFoundry Foundation CVE published 2026-07-09

CVE-2026-47826

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions are BOSH CLI tool versions prior to v7.10.4. This vulnerability has a CVSS score of 8.5 and is classified as HIGH severity. The vulnerability is caused by a path traversal issue in the blobs.yml file of the BOSH CLI tool. Users of BOSH CLI [truncated]