๐Ÿ” CVE Alert

CVE-2026-47829

HIGH 8.3

Argument Injection in BOSH CLI Allows Local Command Execution on Operator Workstations via Compromised Director

CVSS Score
8.3
EPSS Score
0.0%
EPSS Percentile
0th

Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affected versions: bosh-cli versions prior to v7.10.4.

Vendor cloudfoundry foundation
Product bosh-cli
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for cloudfoundry foundation bosh-cli

Be the first to know when new high vulnerabilities affecting cloudfoundry foundation bosh-cli are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Versions

CloudFoundry Foundation / bosh-cli
0 < 7.10.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
cloudfoundry.org: https://www.cloudfoundry.org/blog/cve-2026-47829-argument-injection-in-bosh-cli-allows-local-command-execution-on-operator-workstations-via-compromised-director/