CVE-2026-41704: Cloud Foundry BOSH Director Arbitrary Blobstore Delete via Compromised VM

CVE-2026-41704 – Compromised VM can make arbitrary blobstore deletes Vulnerability Overview Severity: MEDIUM CVSS 4.0 Score: 6.8 (CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/NVC:N/HVA:N/SC:N/SI:N/SA:H) CVSS 3.1 Score: 5.0 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:A:N) Vendor: Cloud Foundry Foundation Affected Versions: BOSH Director - All versions prior to v282.1.12 Description AgentClient#handle_method (lines 264–303) processes each NATS reply. It calls (line 273) on every response, reading (lines 332–338) and passing it to . Additionally, any response containing an is processed via (lines 308–325), reading and also calling . This helper (lines 344–349) calls and, within an ensure block, calls . The (resource_manager.rb:62–70) calls on a single shared Director blobstore without UUID format checks, ownership checks, or namespace prefixes. For (local_client.rb:37–42, 54–56), performs without rejection. Exploitation Scenario An attacker roots a VM within their deployment. The agent responds to any routine Director request ( , , ) with or . The Director then fetches and deletes that blob from the shared S3/DAV/GCS bucket. Blob IDs are pushed to the agent in the application spec (compile package and template blobstore_ids) and broadcasts, so the attacker knows valid targets. For the local blobstore, reads the file content into a task error message (exfiltration) and deletes it. Prerequisites The attacker has root on a deployed VM (any team's deployment) For arbitrary file impact: The Director is configured with a local blobstore (a supported configuration) Additional Notes This is very similar to "Local Blobstore may allow arbitrary reads/deletes," but this is about the general lack of validation of IDs before issuing blobstore commands. While non-local blobstores do not put Director integrity at risk, an attacker can still delete arbitrary blobstore data if they can determine the ID (to be fair, an attacker who has compromised a downstream VM already has blobstore credentials, so the additional privilege gained via this vulnerability is minimal). Remediation Recommended Upgrade: Upgrade BOSH Director to v282.1.12 or later Immediate Workarounds Implement strict network segmentation between deployed VMs and the Director Monitor for suspicious deletion patterns in blobstore operations Consider isolating critical deployments to dedicated BOSH Directors Implement additional access controls on blobstore operations Credit n/a History Initial vulnerability report published on May 26, 2026

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-41704: Cloud Foundry BOSH Director Arbitrary Blobstore Delete via Compromised VM