CVE-2026-41013: CloudFoundry Diego CIFS Mount Options Injection Vulnerability

CVE-2026-41013 – Tenant-controlled comma smuggles arbitrary CIFS mount options Vulnerability Overview Severity: HIGH (CVSS 3.1 Score: 8.5) Description: An input validation bypass vulnerability exists in the SMB volume mount handling within the CloudFoundry Foundation's . Low-privileged CF space developers can bypass the mount option whitelist to inject arbitrary kernel CIFS mount options, thereby escalating privileges and circumventing security controls on shared-tenant Diego cells. Vulnerability Details: In the SMB mount option validation logic, CF space developers can craft malicious mount options to bypass the intended whitelist. This whitelist serves as the primary security boundary between tenant-controlled "benign SMB configurations" and dangerous root filesystem mount operations on the shared Diego infrastructure. Once the whitelist is bypassed, an attacker can control all options, including: - Weakening mount security policies by injecting options such as , , and - Manipulating credentials via and parameters - Overriding security protocols using the option - Applying other mount configurations explicitly prohibited by operators Affected Versions Affected Versions: - : All versions prior to v3.60.0 - : All versions prior to v56.0.0 Remediation Recommended Upgrade: - : Upgrade to v3.60.0 or later - : Upgrade to v56.0.0 or later (which includes v3.60.0) Immediate Workarounds: - Disable SMB volume mounting for CF space developers - Restrict SMB volume operations to platform operators only - Audit existing SMB mounts created by space developers - Implement additional network-level controls around Diego cells Additional Information Publication Date: June 1, 2026 Author: Cloud Foundry Foundation Security Team

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-41013: CloudFoundry Diego CIFS Mount Options Injection Vulnerability

More from this source