COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-47826

CVE-2026-47826

Severity
critical
Source
NVD · cve
Published
2026-07-09
CVSS
9.1
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-47826
shame 45/100 unpatcheddata-breach

CloudFoundry's BOSH CLI tool allows attackers to write arbitrary files and exfiltrate sensitive data via path traversal in blobs.yml before v7.10.4.

This critical vulnerability enables attackers to write arbitrary files and exfiltrate sensitive information through path traversal in the BOSH CLI tool, posing a significant risk to FedRAMP vendors and DIB organizations relying on CloudFoundry infrastructure. Organizations must immediately patch to version 7.10.4 or later to prevent potential data loss and compliance violations.

Shame score — A critical path traversal vulnerability in a widely-used infrastructure tool that allows arbitrary file writing and exfiltration, though not actively exploited or ransomware-linked.

Players implicated

cloudfoundry · vendorbosh cli · product

Description

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.