Exposures › CVE-2026-47826
CloudFoundry's BOSH CLI tool allows attackers to write arbitrary files and exfiltrate sensitive data via path traversal in blobs.yml before v7.10.4.
This critical vulnerability enables attackers to write arbitrary files and exfiltrate sensitive information through path traversal in the BOSH CLI tool, posing a significant risk to FedRAMP vendors and DIB organizations relying on CloudFoundry infrastructure. Organizations must immediately patch to version 7.10.4 or later to prevent potential data loss and compliance violations.
Shame score — A critical path traversal vulnerability in a widely-used infrastructure tool that allows arbitrary file writing and exfiltration, though not actively exploited or ransomware-linked.
The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4.
No correlated FedRAMP products.