Vulnerabilities in Cloud Foundry Foundation
10 results

CVE-2026-40964 | HIGH | EPSS 0.4%
Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read

CVE-2026-40965 | CRITICAL | EPSS 0.3%
Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC

CVE-2026-41858 | MEDIUM | EPSS 0.2%
Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a ne

CVE-2026-47833 | MEDIUM | EPSS 0.1%
setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process insi

CVE-2026-41010 | HIGH | EPSS 0.1%
ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where

CVE-2026-41011 | HIGH | EPSS 0.1%
PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name = package_

CVE-2026-41009 | MEDIUM | EPSS 0.1%
Local Blobstore may allow arbitrary reads/deletes

CVE-2026-41859 | HIGH | EPSS 0.1%
A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secr

CVE-2026-41704 | MEDIUM | EPSS 0.1%
Compromised VM can make arbitrary blobstore deletes

CVE-2026-41860 | HIGH | EPSS 0.1%
CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper#create_as