CyberRota
← Ana sayfaya dön

CVE-2026-41860

HIGH · CVSS 8.8 EPSS %0.07

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-04T03:16:20.107 · Çekilme zamanı: 2026-06-30T18:09:05.741069+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-41860
Severity
HIGH
CVSS
8.8
EPSS
%0.07
OpenSSL

Orijinal NVD Açıklaması

CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper#create_async_endpoint and #send_http_get_request_synchronous hard-code OpenSSL::SSL::VERIFY_NONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH director or UAA and steal credentials. Affected versions: - BOSH: all versions prior to v282.1.9 (inclusive); fixed in v282.1.9 or later