CVE-2026-41857
Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
09/07/2026
Last modified:
09/07/2026
Description
A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator&#39;s workstation when the operator runs bosh ssh (or bosh scp/bosh logs -f) with default flags.<br />
Affected versions: BOSH CLI versions prior to 7.10.5.
Impact
Base Score 4.0
7.10
Severity 4.0
HIGH
Base Score 3.x
7.80
Severity 3.x
HIGH



