CVE-2026-41704
Description
AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (lines 332-338) and passes it to download_and_delete_blob. Separately, any response containing 'exception' goes through format_exception (lines 308-325), which reads exception['blobstore_id'] and also calls download_and_delete_blob. That helper (lines 344-349) calls ResourceManager#get_resource(blob_id) and, in an ensure block, ResourceManager#delete_resource(blob_id). ResourceManager (resource_manager.rb:62-70) calls blobstore.delete(id) on the single shared Director blobstore with no UUID-format check, no ownership check, and no namespace prefix.
Affected versions: BOSH Director: All versions prior to v282.1.12
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Compromised VM can trigger arbitrary blob deletion in BOSH Director by sending malicious NATS replies.
Vulnerability
The vulnerability resides in AgentClient#handle_method (lines 264-303), which processes NATS replies. It unconditionally calls inject_compile_log (line 273), which reads response['value']['result']['compile_log_id'] and passes it to download_and_delete_blob. Similarly, any reply containing an exception key triggers format_exception (lines 308-325), which reads exception['blobstore_id'] and also calls download_and_delete_blob. The helper (lines 344-349) calls ResourceManager#get_resource(blob_id) and, in an ensure block, ResourceManager#delete_resource(blob_id). ResourceManager (resource_manager.rb:62-70) calls blobstore.delete(id) on the shared Director blobstore with no UUID format check, no ownership check, and no namespace prefix. All versions of BOSH Director prior to v282.1.12 are affected [1].
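The two checks the text says are absent (a blob-ID format check and an ownership check) as an added Ruby example; this is not BOSH code. It assumes a hypothetical hardened helper, a constructed in-memory stand-in for ResourceManager, and an assumed per-agent set of compile-log IDs the Director itself issued.

```ruby
# Constructed stand-in for ResourceManager over an in-memory blobstore (not BOSH code).
class FakeResourceManager
  attr_reader :blobs

  def initialize(blobs)
    @blobs = blobs
  end

  def get_resource(id)
    @blobs.fetch(id)
  end

  def delete_resource(id)
    @blobs.delete(id)
  end
end

BLOB_ID_RE = /\A[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\z/

# Only a bare lowercase UUID passes; an empty string or a path-like value does not.
def valid_blob_id?(id)
  id.is_a?(String) && BLOB_ID_RE.match?(id)
end

# Hypothetical hardened helper: format check, then an ownership check against the
# compile-log IDs the Director issued to this agent (assumed set), before any delete.
def download_and_delete_blob_checked(rm, blob_id, issued_ids)
  unless valid_blob_id?(blob_id) && issued_ids.include?(blob_id)
    raise ArgumentError, "refusing untrusted blob id #{blob_id.inspect}"
  end
  begin
    rm.get_resource(blob_id)
  ensure
    rm.delete_resource(blob_id)
  end
end

# Mirrors the reply-handling path from the description: both fields come from the
# agent's NATS reply, so both are treated as untrusted input.
def handle_reply(reply, rm, issued_ids)
  ids = [reply.dig('value', 'result', 'compile_log_id'),
         reply.dig('exception', 'blobstore_id')].compact
  ids.map do |id|
    begin
      [:deleted, download_and_delete_blob_checked(rm, id, issued_ids)]
    rescue ArgumentError => e
      [:rejected, e.message]
    end
  end
end
```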
Exploitation
An attacker who has gained root access to a VM in any deployment can respond to any routine Director request (e.g., get_state, apply, ping) with a crafted NATS reply containing either {"value":{"result":{"compile_log_id":""}}} or {"exception":{"message":"x","blobstore_id":""}}. The Director then fetches and deletes the blob from the shared blobstore. Blob IDs are exposed to agents via apply specs (compiled-package and template blobstore_ids) and sync_dns broadcasts, so the attacker knows valid target IDs. With a local blobstore, a compile_log_id value like "../../jobs/director/config/director.yml" can read the file contents (exfiltration) and delete it [1].
Impact
Successful exploitation allows the attacker to delete arbitrary blobs from the shared Director blobstore (S3, DAV, GCS, etc.), potentially breaking deployments that rely on those blobs (e.g., release packages, templates). With a local blobstore, the attacker can also exfiltrate arbitrary files readable by the Director process. The impact is high for integrity and availability, though the attacker must already have root on a VM [1].
Mitigation
The vulnerability is fixed in BOSH Director version v282.1.12. Users should upgrade to this version or later. There are no known workarounds; upgrading is the only mitigation [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <282.1.12
- Range: <282.1.12
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.