CVE-2026-47826
Received Received - Intake

Path Traversal in BOSH CLI Tool

Vulnerability report for CVE-2026-47826, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: VMware

Description

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
vmware tanzu_bosh_cli to 7.10.4 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-47826 is a high-severity vulnerability in the BOSH CLI tool, specifically in versions prior to v7.10.4. It involves a path traversal flaw in the blobs.yml file, which allows an attacker to write arbitrary files on the system.

This flaw can also enable attackers to exfiltrate sensitive information from affected systems.

Impact Analysis

This vulnerability can have serious impacts including unauthorized file writes and the potential leakage of sensitive information.

  • Attackers can write arbitrary files, which may lead to system compromise or persistence.
  • Sensitive information can be exfiltrated, leading to data breaches.

Given the high CVSS scores (8.8 for v3.0 and 8.5 for v4.0), the risk level is significant and should be addressed promptly.

Mitigation Strategies

To mitigate the CVE-2026-47826 vulnerability, the Cloud Foundry Foundation recommends upgrading the BOSH CLI tool to version 7.10.4 or later.

Compliance Impact

The vulnerability in the BOSH CLI tool allows attackers to write arbitrary files and exfiltrate sensitive information, which could lead to unauthorized data access or data breaches.

Such unauthorized access and potential data exfiltration may impact compliance with data protection regulations and standards like GDPR and HIPAA, which require safeguarding sensitive information and preventing data breaches.

Mitigating this vulnerability by upgrading to BOSH CLI tool version 7.10.4 or later is recommended to reduce the risk of non-compliance due to data exposure.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-47826. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart