CVE-2026-47833 - Symlink vulnerability in setupBpmLogs allows container-to-host privilege escalation via /etc/shadow | Cloud Foundry

Medium CVSS score: 6.8 Medium CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/S:U/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N Vendor Cloud Foundry Foundation Versions Affected Severity is Medium unless otherwise noted. bpm-release – All versions prior to v1.4.30 Description setupBpmLogs follows symlink for bpm.log open and...