CVE-2026-41011 | Cloud Foundry BOSH up to 282.1.11 Exec.sh Bosh::Common::Exec.sh package_meta[‘name’] os command injection

Inserito da Angelo Barbosa | Giu 4, 2026 | CVE

A vulnerability described as critical has been identified in Cloud Foundry BOSH up to 282.1.11. This issue affects the function Bosh::Common::Exec.sh of the file Exec.sh. Such manipulation of the argument package_meta[‘name’] leads to os command injection.

This vulnerability is referenced as CVE-2026-41011. The attack can only be performed from a local environment. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-41011 | Cloud Foundry BOSH up to 282.1.11 Exec.sh Bosh::Common::Exec.sh package_meta[‘name’] os command injection

Post correlati

CVE-2026-1816 | Turkiye Electricity Transmission Corporation Mobile Application up to 1.12 excessive authentication

CVE-2025-47700 | Mattermost up to 10.5.8 Agents Plugin server-side request forgery

CVE-2025-22894 | Humming Heads Defense Platform Home Edition up to 3.9.51.x Message shatter

CVE-2025-1749 | OpenCart up to 4.0.x /account/voucher name cross site scripting