CVE-2026-47830
Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users
CVSS
8.8
Alto
EPSS
0.1%
p1
KEV
—
Exploit Today
0
0-100
Publicado: 9 jul 2026 · Última mod.: 9 jul 2026
0.1%EPSS · 30 días0.1%
2026-07-092026-07-16
Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full host control. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98.
Sin CVEs relacionados por CWE o producto.