CVE-2026-41013

Published: Jun 01, 2026 Last Modified: Jun 01, 2026

Description

An input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows a low-privileged CF space developer to inject arbitrary kernel CIFS mount options by bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant Diego cells.

Affected versions:
smb-volume-release: All versions prior to v3.60.0
CF Deployment: All versions prior to v56.0.0

CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Draft
Common Consequences
Security Scopes Affected: Confidentiality, Integrity, Availability, Other
Potential Impacts: Execute Unauthorized Code or Commands, Alter Execution Logic, Read Application Data, Modify Application Data
Applicable Platforms
Languages: Not Language-Specific, PHP
https://www.cloudfoundry.org/blog/cve-2026-41013-tenant-controlled-comma-smuggl…