Cloud Foundry Logo

Cloud Foundry Blog: Cloud Foundry Foundation Security Team

CVE-2026-47833 – Symlink vulnerability in setupBpmLogs allows container-to-host privilege escalation via /etc/shadow
Security Advisory

CVE-2026-47833 – Symlink vulnerability in setupBpmLogs allows container-to-host privilege escalation via /etc/shadow

by Cloud Foundry Foundation Security Team June 18, 2026
CVE-2026-41005 – UAA accepts SAML Encrypted Assertions authentication bypass
Security Advisory

CVE-2026-41005 – UAA accepts SAML Encrypted Assertions authentication bypass

by Cloud Foundry Foundation Security Team June 11, 2026
CVE-2026-41011 – Package Name Command Injection
Security Advisory

CVE-2026-41011 – Package Name Command Injection

by Cloud Foundry Foundation Security Team June 2, 2026
CVE-2026-41010 – Release Job Name Command Injection on BOSH Director
Security Advisory

CVE-2026-41010 – Release Job Name Command Injection on BOSH Director

by Cloud Foundry Foundation Security Team June 2, 2026
CVE-2026-41860 – Missing tls-verify on bosh-monitor
Security Advisory

CVE-2026-41860 – Missing tls-verify on bosh-monitor

by Cloud Foundry Foundation Security Team June 1, 2026
CVE-2026-41859 – Missing TLS in NATS sync
Security Advisory

CVE-2026-41859 – Missing TLS in NATS sync

by Cloud Foundry Foundation Security Team June 1, 2026
CVE-2026-41858 – Brute forceable windows admin creds
Security Advisory

CVE-2026-41858 – Brute forceable windows admin creds

by Cloud Foundry Foundation Security Team June 1, 2026
CVE-2026-41013 – Tenant-controlled comma smuggles arbitrary CIFS mount options
Security Advisory

CVE-2026-41013 – Tenant-controlled comma smuggles arbitrary CIFS mount options

by Cloud Foundry Foundation Security Team June 1, 2026
CVE-2026-41704 – Compromised VM can make arbitrary blobstore deletes
Security Advisory

CVE-2026-41704 – Compromised VM can make arbitrary blobstore deletes

by Cloud Foundry Foundation Security Team May 26, 2026
CVE-2026-41009 – Local Blobstore may allow arbitrary reads/deletes
Security Advisory

CVE-2026-41009 – Local Blobstore may allow arbitrary reads/deletes

by Cloud Foundry Foundation Security Team May 26, 2026
CVE-2026-40964 – Read access to CF logs
Security Advisory

CVE-2026-40964 – Read access to CF logs

by Cloud Foundry Foundation Security Team May 22, 2026
CVE-2026-40965 – UAA EC Private Key Disclosure via token_keys JSON Response
Security Advisory

CVE-2026-40965 – UAA EC Private Key Disclosure via token_keys JSON Response

by Cloud Foundry Foundation Security Team May 14, 2026
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept