CVE-2026-41011 | Cloud Foundry BOSH up to 282.1.11 Exec.sh Bosh::Common::Exec.sh package_meta[‘name’] os command injection

Inserito da Angelo Barbosa | Giu 4, 2026 | CVE

A vulnerability described as critical has been identified in Cloud Foundry BOSH up to 282.1.11. This issue affects the function Bosh::Common::Exec.sh of the file Exec.sh. Such manipulation of the argument package_meta[‘name’] leads to os command injection.

This vulnerability is referenced as CVE-2026-41011. The attack can only be performed from a local environment. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-41011 | Cloud Foundry BOSH up to 282.1.11 Exec.sh Bosh::Common::Exec.sh package_meta[‘name’] os command injection

Post correlati

CVE-2026-30118 | scalar astro 0.1.13 Proxy Endpoint scalar_url server-side request forgery

CVE-2023-6185 | Document Foundation LibreOffice up to 7.5.8/7.6.2 GStreamer input validation

CVE-2023-52197 | Impactpixel Ads Invalid Click Protection Plugin up to 1.0 on WordPress cross site scripting

CVE-2017-20230 | NWCLARK Storable up to 3.04 on Perl retrieve_hook stack-based overflow (Issue 15831)