High severity8.1NVD Advisory· Published Jun 1, 2026· Updated Jun 2, 2026
CVE-2026-41013
CVE-2026-41013
Description
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant Diego cells.
Affected versions: smb-volume-release: All versions prior to v3.60.0 CF Deployment: All versions prior to v56.0.0
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <v3.60.0
- Range: <v56.0.0
- Range: <v3.60.0, <v56.0.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.