Lucene search
K

8 matches found

NVD
NVD
added 2026/05/27 8:16 a.m.18 views

CVE-2026-41009

When the director sends a long-running request e.g. compilepackage, the agent's reply JSON is consumed by AgentClient. injectcompilelog line 332-339 reads response'value''result''compilelogid' and formatexception line 318-325 reads exception'blobstoreid'; both pass the agent-supplied string...

5.8CVSS0.00099EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 6:45 a.m.10 views

CVE-2026-41009

When the director sends a long-running request e.g. compilepackage, the agent's reply JSON is consumed by AgentClient. injectcompilelog line 332-339 reads response'value''result''compilelogid' and formatexception line 318-325 reads exception'blobstoreid'; both pass the agent-supplied string...

5.8CVSS5.8AI score0.00099EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 6:45 a.m.9 views

CVE-2026-41009 Local Blobstore may allow arbitrary reads/deletes

When the director sends a long-running request e.g. compilepackage, the agent's reply JSON is consumed by AgentClient. injectcompilelog line 332-339 reads response'value''result''compilelogid' and formatexception line 318-325 reads exception'blobstoreid'; both pass the agent-supplied string...

5.8CVSS5.8AI score0.00099EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 6:45 a.m.11 views

EUVD-2026-32098

When the director sends a long-running request e.g. compilepackage, the agent's reply JSON is consumed by AgentClient. injectcompilelog line 332-339 reads response'value''result''compilelogid' and formatexception line 318-325 reads exception'blobstoreid'; both pass the agent-supplied string...

5.8CVSS5.8AI score0.00099EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 6:45 a.m.33 views

CVE-2026-41009 Local Blobstore may allow arbitrary reads/deletes

When the director sends a long-running request e.g. compilepackage, the agent's reply JSON is consumed by AgentClient. injectcompilelog line 332-339 reads response'value''result''compilelogid' and formatexception line 318-325 reads exception'blobstoreid'; both pass the agent-supplied string...

5.8CVSS0.00099EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 6:45 a.m.19 views

CVE-2026-41009

CVE-2026-41009 affects BOSH Director: all versions prior to v282.1.12. The vulnerability arises when the director uses a local blobstore; Blobstore::LocalClient#object_file_path joins the blobstore path with the provided oid without normalisation, enabling path traversal (e.g., oid = "../../jobs/...

5.8CVSS5.8AI score0.00099EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43566

Name of the Vulnerable Software and Affected Versions BOSH Director versions prior to v282.1.12 Description When the director sends a long-running request, such as compile package, the agent's reply JSON is processed by AgentClient. The functions inject compile log and format exception read the...

5.8CVSS5.5AI score0.00099EPSS
Exploits0References3
Cloud Foundry
Cloud Foundry
added 2026/05/26 12:0 a.m.11 views

CVE-2026-41009 - Local Blobstore may allow arbitrary reads/deletes | Cloud Foundry

MEDIUM CVSSv4: Medium 4.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:L CVSSv3: Medium 5.8 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:L Vendor Cloud Foundry Foundation Versions Affected Severity is MEDIUM unless otherwise noted. BOSH Director – All versions prior to v282.1.12...

5.8CVSS6.2AI score0.00099EPSS
Exploits0
Rows per page
Query Builder