Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation.
Affected versions: bosh-cli versions prior to v7.10.4.
Affected versions: bosh-cli versions prior to v7.10.4.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 09 Jul 2026 07:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affected versions: bosh-cli versions prior to v7.10.4. | |
| Title | Argument Injection in BOSH CLI Allows Local Command Execution on Operator Workstations via Compromised Director | |
| References |
| |
| Metrics |
cvssV3_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: vmware
Published:
Updated: 2026-07-09T13:12:14.523Z
Reserved: 2026-05-20T10:00:48.931Z
Link: CVE-2026-47829
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
No weakness.