Every CVE whose affected-product data names Cloud Foundry Bosh, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2017-4961 — CVSS 8.8 (high): An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an…
CVE-2018-11083 — CVSS 8.1 (high): Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0…
CVE-2019-11271 — CVSS 7.8 (high): Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to…
CVE-2026-41009 — CVSS 5.8 (medium): When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient…
CVE-2026-41704 — CVSS 5.0 (medium): AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads…