๐Ÿ” CVE Alert

CVE-2026-41857

HIGH 7.8

BOSH CLI Shell Injection

CVSS Score
7.8
EPSS Score
0.1%
EPSS Percentile
4th

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh (or bosh scp/bosh logs -f) with default flags. Affected versions: BOSH CLI versions prior to 7.10.5.

Vendor cloudfoundry bosh
Product bosh cli
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for cloudfoundry bosh bosh cli

Be the first to know when new high vulnerabilities affecting cloudfoundry bosh bosh cli are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Versions

CloudFoundry BOSH / BOSH CLI
0 < 7.10.5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
cloudfoundry.org: https://www.cloudfoundry.org/blog/cve-2026-41857-bosh-cli-shell-injection/