Affected versions: bosh-cli versions prior to v7.10.4.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 09 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 09 Jul 2026 07:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affected versions: bosh-cli versions prior to v7.10.4. | |
| Title | Argument Injection in BOSH CLI Allows Local Command Execution on Operator Workstations via Compromised Director | |
| References |
| |
| Metrics |
cvssV3_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: vmware
Published:
Updated: 2026-07-09T13:12:14.523Z
Reserved: 2026-05-20T10:00:48.931Z
Link: CVE-2026-47829
Updated: 2026-07-09T13:12:08.135Z
No data.
No data.
OpenCVE Enrichment
No data.
No weakness.