Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-41013
PUBLISHED
More InfoOfficial Page
Assigner-vmware
Assigner Org ID-dcf2e128-44bd-42ed-91e8-88f912c1401d
View Known Exploited Vulnerability (KEV) details
Published At-01 Jun, 2026 | 17:36
Updated At-04 Jun, 2026 | 17:36
Rejected At-
▼CVE Numbering Authority (CNA)
Tenant-controlled comma smuggles arbitrary CIFS mount options

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant Diego cells. Affected versions: smb-volume-release: All versions prior to v3.60.0 CF Deployment: All versions prior to v56.0.0

Affected Products
Vendor
CloudFoundry Foundation
Product
smb-volume-release
Default Status
unaffected
Versions
Affected
  • From 0 before 3.60.0 (custom)
Vendor
CloudFoundry Foundation
Product
CF Deployment
Default Status
unaffected
Versions
Affected
  • From 0 before 56.0.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-88CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Type: CWE
CWE ID: CWE-88
Description: CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
N/AA low-privileged CF space developer can bypass the SMB mount-option allowlist by injecting arbitrary kernel CIFS mount options via comma-delimited parameters, enabling privilege escalation and security control bypass on multi-tenant Diego cells.
CAPEC ID: N/A
Description: A low-privileged CF space developer can bypass the SMB mount-option allowlist by injecting arbitrary kernel CIFS mount options via comma-delimited parameters, enabling privilege escalation and security control bypass on multi-tenant Diego cells.
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cloudfoundry.org/blog/cve-2026-41013-tenant-controlled-comma-smuggles-arbitrary-cifs-mount-options/
N/A
Hyperlink: https://www.cloudfoundry.org/blog/cve-2026-41013-tenant-controlled-comma-smuggles-arbitrary-cifs-mount-options/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found