CVE-2026-47829 Overview
CVE-2026-47829 is an argument injection vulnerability in the Cloud Foundry bosh-cli tool. A compromised BOSH Director can inject arbitrary OpenSSH client options into the ssh process that the CLI spawns locally. The injection occurs when an operator runs non-interactive SSH commands such as bosh ssh -c, bosh logs -f, or similar paths. Successful exploitation results in local command execution on the operator's workstation under the operator's user context. The flaw affects bosh-cli versions prior to v7.10.4.
Critical Impact
A compromised BOSH Director can execute arbitrary commands on an operator's workstation whenever the operator invokes non-interactive bosh ssh or bosh logs operations.
Affected Products
- Cloud Foundry bosh-cli versions prior to v7.10.4
- Operator workstations running vulnerable bosh-cli releases against an untrusted or compromised BOSH Director
- Any automation host that invokes bosh ssh -c or bosh logs -f against a Director-supplied target
Discovery Timeline
- 2026-07-09 - CVE-2026-47829 published to NVD
- 2026-07-09 - Last updated in NVD database
Technical Details for CVE-2026-47829
Vulnerability Analysis
The bosh-cli shells out to the local OpenSSH client to execute commands on BOSH-managed VMs. The CLI constructs the ssh command line from data returned by the BOSH Director, including host identifiers and connection metadata. Because these values are passed as positional arguments without strict validation, a Director controlled by an attacker can supply strings that OpenSSH interprets as options rather than target hostnames. This is a classic argument injection pattern against a downstream command-line tool.
OpenSSH accepts option flags such as -o and -F that can load configuration files, set ProxyCommand, or override LocalCommand. Any of these directives can result in arbitrary program execution on the local host. The result is that trust the operator places in the Director is transitively extended to full code execution on their workstation.
Root Cause
The root cause is missing sanitization and lack of an argument terminator when the CLI builds the ssh invocation. Values sourced from the Director are concatenated into the argv list without a preceding -- separator and without rejecting values that begin with -. OpenSSH therefore treats attacker-controlled strings as option flags.
Attack Vector
An attacker who controls or compromises a BOSH Director returns crafted host or target metadata to the CLI. When the operator runs a non-interactive command such as bosh ssh -c "uptime" or bosh logs -f, the CLI passes the poisoned value to ssh. OpenSSH honors an injected option such as -oProxyCommand=<attacker command>, executing the attacker payload on the operator's workstation with the operator's privileges. User interaction is required — the operator must run one of the affected subcommands — but no additional authentication on the workstation is needed.
See the Cloud Foundry advisory for CVE-2026-47829 for the vendor's technical description.
Detection Methods for CVE-2026-47829
Indicators of Compromise
- Child processes of bosh or bosh-cli that are not ssh, scp, or sftp, particularly shells, interpreters, or network utilities.
- ssh invocations spawned by bosh-cli containing suspicious option strings such as -oProxyCommand=, -oLocalCommand=, -oPermitLocalCommand=yes, or -F pointing to unexpected paths.
- Unexpected outbound network connections initiated immediately after an operator runs bosh ssh -c or bosh logs -f.
Detection Strategies
- Hunt process ancestry for bosh → ssh → non-SSH child processes on operator workstations and CI runners.
- Parse process command lines for ssh arguments beginning with -o or -F when the parent process is bosh-cli.
- Correlate bosh-cli version strings gathered from endpoint inventory against the fixed release v7.10.4 or later.
Monitoring Recommendations
- Enable command-line logging on operator workstations and jump hosts that run bosh-cli.
- Alert on any operator workstation communicating with a BOSH Director that is not on the approved Director allow-list.
- Baseline expected bosh ssh and bosh logs usage and flag anomalous invocation frequencies or new source hosts.
How to Mitigate CVE-2026-47829
Immediate Actions Required
- Upgrade bosh-cli to v7.10.4 or later on every operator workstation, CI runner, and automation host.
- Rotate any credentials, SSH keys, or tokens that were accessible on workstations that ran vulnerable bosh-cli versions against untrusted Directors.
- Audit BOSH Director access controls and verify no unauthorized modifications to Director state or deployments.
Patch Information
Cloud Foundry has released bosh-cliv7.10.4, which addresses the argument injection by properly separating and validating arguments passed to the local ssh process. Refer to the Cloud Foundry advisory for release details.
Workarounds
- Restrict bosh-cli usage to BOSH Directors under strict administrative control until all workstations are upgraded.
- Avoid non-interactive SSH subcommands such as bosh ssh -c and bosh logs -f on unpatched CLIs.
- Run bosh-cli inside an ephemeral container or restricted user account to limit the blast radius of local command execution.
# Verify the installed bosh-cli version is patched
bosh --version
# Expected: version 7.10.4 or newer
# Example upgrade on Linux
curl -Lo /usr/local/bin/bosh \
https://github.com/cloudfoundry/bosh-cli/releases/download/v7.10.4/bosh-cli-7.10.4-linux-amd64
chmod +x /usr/local/bin/bosh
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

