CVE-2026-47828 - Missing TLS Certificate Verification in BOSH CLI Allows Root Code Execution via Man-in-the-Middle Credential Replay
CVE ID :CVE-2026-47828 Published : July 9, 2026, 7:16 a.m. | 1 hour, 15 minutes ago Description :During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even...