CVE-2026-47830

Cloud Foundry Foundation · bosh-windows-stemcell-builder

An incorrect permission assignment in the Cloud Foundry Foundation BOSH Windows stemcell builder allows local users to escalate privileges to system level via executable overwriting.

Executive summary

An incorrect permission assignment in the BOSH Windows stemcell builder enables local privilege escalation, potentially granting an attacker full control over the system.

Vulnerability

This vulnerability (CWE-732) involves the assignment of insecure permissions to critical resources. A local, authenticated attacker can overwrite executable files, leading to arbitrary code execution with system-level privileges.

Business impact

The ability to escalate privileges to the system level provides an attacker with complete control over the affected virtual machine or host. With a CVSS score of 8.5, this vulnerability represents a significant risk to the integrity of the cloud infrastructure and the confidentiality of data residing on those systems.

Remediation

Immediate Action: Apply the vendor-provided security updates by upgrading to version 2019.98 or later immediately.

Proactive Monitoring: Review file system permissions on critical directories and monitor for unauthorized modifications to executable files used in the BOSH build process.

Compensating Controls: Implement strict access control policies on the build environment and ensure that only authorized administrative users have write access to sensitive system binaries.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the severity of privilege escalation to the system level, organizations using the BOSH Windows stemcell builder must ensure they are on version 2019.98 or newer. Immediate remediation is required to prevent unauthorized access and potential system takeover.