CVE-2026-41857: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in CloudFoundry BOSH BOSH CLI
CVE-2026-41857 is a high-severity OS command injection vulnerability in CloudFoundry BOSH CLI. A compromised or malicious BOSH Director can execute arbitrary shell commands on an operator's workstation when the operator uses bosh ssh, bosh scp, or bosh logs -f with default flags. This affects BOSH CLI versions prior to 7.10.5. No official patch or remediation level has been confirmed yet.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-41857) involves improper neutralization of special elements used in OS commands (CWE-78) in the CloudFoundry BOSH CLI. Specifically, when an operator runs commands such as bosh ssh, bosh scp, or bosh logs -f with default flags, a compromised or malicious BOSH Director can inject and execute arbitrary shell commands on the operator's workstation. The issue affects BOSH CLI versions prior to 7.10.5. The CVSS 4.0 score is 7.1, indicating high severity. No vendor advisory or patch information is currently available, and the vulnerability is not related to a cloud service.
Potential Impact
If exploited, this vulnerability allows a compromised or malicious BOSH Director to execute arbitrary shell commands on the operator's workstation, potentially leading to unauthorized access, data compromise, or further system compromise. The attack requires the operator to run specific BOSH CLI commands with default flags, which could lead to privilege escalation or system control on the operator's machine.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, operators should exercise caution when running bosh ssh, bosh scp, or bosh logs -f commands, especially when interacting with untrusted or potentially compromised BOSH Directors. Monitoring vendor channels for updates and applying patches promptly once released is recommended.
CVE-2026-41857: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in CloudFoundry BOSH BOSH CLI
Description
CVE-2026-41857 is a high-severity OS command injection vulnerability in CloudFoundry BOSH CLI. A compromised or malicious BOSH Director can execute arbitrary shell commands on an operator's workstation when the operator uses bosh ssh, bosh scp, or bosh logs -f with default flags. This affects BOSH CLI versions prior to 7.10.5. No official patch or remediation level has been confirmed yet.
CVSS v4.0
Score 7.1high
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-41857) involves improper neutralization of special elements used in OS commands (CWE-78) in the CloudFoundry BOSH CLI. Specifically, when an operator runs commands such as bosh ssh, bosh scp, or bosh logs -f with default flags, a compromised or malicious BOSH Director can inject and execute arbitrary shell commands on the operator's workstation. The issue affects BOSH CLI versions prior to 7.10.5. The CVSS 4.0 score is 7.1, indicating high severity. No vendor advisory or patch information is currently available, and the vulnerability is not related to a cloud service.
Potential Impact
If exploited, this vulnerability allows a compromised or malicious BOSH Director to execute arbitrary shell commands on the operator's workstation, potentially leading to unauthorized access, data compromise, or further system compromise. The attack requires the operator to run specific BOSH CLI commands with default flags, which could lead to privilege escalation or system control on the operator's machine.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, operators should exercise caution when running bosh ssh, bosh scp, or bosh logs -f commands, especially when interacting with untrusted or potentially compromised BOSH Directors. Monitoring vendor channels for updates and applying patches promptly once released is recommended.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- vmware
- Date Reserved
- 2026-04-22T06:22:10.081Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4f575268715ace43edbded
Added to database: 07/09/2026, 08:09:54 UTC
Last enriched: 07/09/2026, 08:10:06 UTC
Last updated: 07/09/2026, 08:10:06 UTC
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.