Description
The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information.
Affected versions: BOSH CLI tool versions prior to v7.10.4.
Published: 2026-07-09
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The BOSH CLI tool’s handling of the ‘path’ key in blobs.yml contains a path traversal flaw that lets attackers craft a value that causes the CLI to write arbitrary files outside its intended directory. Based on the description, it is inferred that this could facilitate overwriting configuration files, injecting malicious code, or exfiltrating secrets, which aligns with CWE‑22 and CWE‑788. The vulnerability therefore compromises integrity and could lead to remote code execution if the written files are executed.

Affected Systems

The CloudFoundry Foundation BOSH Command Line Interface is affected. Versions earlier than v7.10.4 are vulnerable; any installation that processes user‑supplied blobs.yml files without the patch is at risk.

Risk and Exploitability

The CVSS score of 8.5 marks the flaw as high severity, while the EPSS score of below 1% indicates a low current exploitation rate and the issue is not yet identified in CISA's KEV catalog. Based on the information provided, it is inferred that an attacker capable of supplying or influencing the CLI’s input—potentially through malicious buildpacks, compromised developer machines, or insecure scripts—could exercise the path traversal to write arbitrary files, potentially leading to code execution or data loss.

Generated by OpenCVE AI on July 10, 2026 at 04:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the BOSH CLI to version 7.10.4 or newer where the bug is fixed.
  • If a patch is not immediately feasible, it is inferred that limiting the CLI’s execution to trusted users and sanitizing the ‘path’ values in blobs.yml can reduce risk.
  • As a temporary measure, eliminate or disable the vulnerable blobs.yml ‘path’ feature, preventing the tool from writing files outside the intended scope.

Generated by OpenCVE AI on July 10, 2026 at 04:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 10 Jul 2026 05:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
CWE-788

Thu, 09 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 09 Jul 2026 07:00:00 +0000

Type Values Removed Values Added
Description The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4.
Title blobs.yaml Path Traversal Allows File Writes
References
Metrics cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-07-09T14:10:24.256Z

Reserved: 2026-05-20T10:00:48.931Z

Link: CVE-2026-47826

cve-icon Vulnrichment

Updated: 2026-07-09T14:10:18.930Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-10T05:00:14Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

  • CWE-788

    Access of Memory Location After End of Buffer