Cloud Foundry Logo

Cloud Foundry Blog: Cloud Foundry Foundation Security Team

CVE-2026-41011 – Package Name Command Injection
Security Advisory

CVE-2026-41011 – Package Name Command Injection

by Cloud Foundry Foundation Security Team June 2, 2026
CVE-2026-41010 – Release Job Name Command Injection on BOSH Director
Security Advisory

CVE-2026-41010 – Release Job Name Command Injection on BOSH Director

by Cloud Foundry Foundation Security Team June 2, 2026
CVE-2026-41860 – Missing tls-verify on bosh-monitor
Security Advisory

CVE-2026-41860 – Missing tls-verify on bosh-monitor

by Cloud Foundry Foundation Security Team June 1, 2026
CVE-2026-41859 – Missing TLS in NATS sync
Security Advisory

CVE-2026-41859 – Missing TLS in NATS sync

by Cloud Foundry Foundation Security Team June 1, 2026
CVE-2026-41858 – Brute forceable windows admin creds
Security Advisory

CVE-2026-41858 – Brute forceable windows admin creds

by Cloud Foundry Foundation Security Team June 1, 2026
CVE-2026-41013 – Tenant-controlled comma smuggles arbitrary CIFS mount options
Security Advisory

CVE-2026-41013 – Tenant-controlled comma smuggles arbitrary CIFS mount options

by Cloud Foundry Foundation Security Team June 1, 2026
CVE-2026-41704 – Compromised VM can make arbitrary blobstore deletes
Security Advisory

CVE-2026-41704 – Compromised VM can make arbitrary blobstore deletes

by Cloud Foundry Foundation Security Team May 26, 2026
CVE-2026-41009 – Local Blobstore may allow arbitrary reads/deletes
Security Advisory

CVE-2026-41009 – Local Blobstore may allow arbitrary reads/deletes

by Cloud Foundry Foundation Security Team May 26, 2026
CVE-2026-40965 – UAA EC Private Key Disclosure via token_keys JSON Response
Security Advisory

CVE-2026-40965 – UAA EC Private Key Disclosure via token_keys JSON Response

by Cloud Foundry Foundation Security Team May 14, 2026
CVE-2026-22726 – Route Services Firewall Bypass
Security Advisory

CVE-2026-22726 – Route Services Firewall Bypass

by Cloud Foundry Foundation Security Team April 20, 2026
CVE-2026-22734 – UAA SAML 2.0 Signature Bypass
Security Advisory

CVE-2026-22734 – UAA SAML 2.0 Signature Bypass

by Cloud Foundry Foundation Security Team April 6, 2026
CVE-2026-22727 – Unprotected internal endpoints
Security Advisory

CVE-2026-22727 – Unprotected internal endpoints

by Cloud Foundry Foundation Security Team March 17, 2026
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept