๐Ÿ” CVE Alert

CVE-2026-47831

HIGH 7.5

Cryptographically Weak Password Generation in bosh-windows-stemcell-builder Allows Remote SSH Brute-Force Attacks

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98.

Vendor cloud foundry foundation
Product bosh-windows-stemcell-builder
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for cloud foundry foundation bosh-windows-stemcell-builder

Be the first to know when new high vulnerabilities affecting cloud foundry foundation bosh-windows-stemcell-builder are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Versions

Cloud Foundry Foundation / bosh-windows-stemcell-builder
0 < 2019.98

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
cloudfoundry.org: https://www.cloudfoundry.org/blog/cve-2026-47831-cryptographically-weak-password-generation-in-bosh-windows-stemcell-builder-allows-remote-ssh-brute-force-attacks/