CVE-2026-47829
Argument Injection in BOSH CLI Allows Local Command Execution on Operator Workstations via Compromised Director
CVSS Score
8.3
EPSS Score
0.0%
EPSS Percentile
0th
Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affected versions: bosh-cli versions prior to v7.10.4.
| Vendor | cloudfoundry foundation |
| Product | bosh-cli |
| Published | Jul 9, 2026 |
| Last Updated | Jul 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for cloudfoundry foundation bosh-cli
Be the first to know when new high vulnerabilities affecting cloudfoundry foundation bosh-cli are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Affected Versions
CloudFoundry Foundation / bosh-cli
0 < 7.10.4