Description
Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full host control.
Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98.
Published: 2026-07-09
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 11 Jul 2026 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-264
CWE-284

Fri, 10 Jul 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
CWE-732

Fri, 10 Jul 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Cloudfoundry
Cloudfoundry bosh-windows-stemcell-builder
Vendors & Products Cloudfoundry
Cloudfoundry bosh-windows-stemcell-builder

Thu, 09 Jul 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
CWE-732

Thu, 09 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 09 Jul 2026 07:00:00 +0000

Type Values Removed Values Added
Description Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full host control. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98.
Title Incorrect Permission Assignment Allows Local Privilege Escalation to SYSTEM via Executable Overwrite
References
Metrics cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Cloudfoundry Bosh-windows-stemcell-builder
cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-07-09T12:49:41.047Z

Reserved: 2026-05-20T10:00:48.931Z

Link: CVE-2026-47830

cve-icon Vulnrichment

Updated: 2026-07-09T12:49:36.494Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-12T07:30:05Z

Weaknesses