C

Cloud Foundry Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Cloud Foundry products.

2 known CVE vulnerabilities tracked

Critical
0
High
0
Medium
2
Low
0
None
0

Vulnerabilities By Year

2
2026

Products Affected

Bosh 2

All Cloud Foundry CVEs

Recent Highest Score Oldest
CVE-2026-41704
5.0 medium

AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (line 332-338) and passes it to download_and_delete_blob. Separately, any response containing 'exception' goes thr

Bosh May 27, 2026
CVE-2026-41009
5.8 medium

When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient. inject_compile_log (line 332-339) reads response['value']['result']['compile_log_id'] and format_exception (line 318-325) reads exception['blobstore_id']; both pass the agent-sup

Bosh May 27, 2026