CVE-2026-41859

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...

EUVD-2026-34193

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...

CVE-2026-41859

CVE-2026-41859 describes a man-in-the-middle between nats-sync and the BOSH director that can steal director credentials (Basic auth header or UAA client secret) and tamper with the VM list written into the NATS authorization file. Stolen credentials grant administrative director access. The issu...

Cloud Foundry BOSH 安全漏洞

Cloud Foundry BOSH is a cloud infrastructure automation platform developed by the US-based Cloud Foundry company. All versions of Cloud Foundry BOSH, as well as previous versions, have security vulnerabilities. These vulnerabilities stem from man-in-the-middle attacks between nats-sync and BOSH...

CVE-2026-41859 - Missing TLS in NATS sync | Cloud Foundry

CVSS Score: High 7.1 CVSSv4: High 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:H/SA:H CVSSv3: High 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Vendor Cloudfoundry Foundation / BOSH Versions Affected Severity is High unless otherwise noted. BOSH – All versions prior to v282.1....