CVE-2026-47829

HIGH

Argument Injection in BOSH CLI Allows Local Command Execution on Operator Workstations via Compromised Director

CVSS v3

8.3

HIGH

EPSS Score

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affected versions: bosh-cli versions prior to v7.10.4.

Technical Details

CVSS v3 Vector
3.0
Published
7/9/2026
Last Modified
7/9/2026

Frequently Asked Questions

What is CVE-2026-47829?

Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affected versions: bosh-cli versions prior to v7.10.4.

Is CVE-2026-47829 actively exploited?

Active exploitation of CVE-2026-47829 has not been confirmed. The EPSS score is N/A%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2026-47829?

CVE-2026-47829 has a CVSS v3 base score of 8.3 (HIGH severity), with vector string 3.0.

Is CVE-2026-47829 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.