Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-47831 exploits a critical cryptographic weakness in the GenerateRandomPassword function within bosh-windows-stemcell-builder, a tool used to create Windows VM images for cloud deployments. The vulnerability allows attackers to predict or brute-force SSH credentials because the random number generator used to create passwords lacks sufficient entropy. This affects organizations running BOSH-managed Windows infrastructure in versions prior to v2019.98, potentially exposing thousands of cloud instances to unauthorized remote access. The high CVSS score of 7.5 reflects the ease of exploitation and severity of impact—once an attacker gains SSH access, they can establish persistent footholds across virtualized environments.
While this CVE currently maps to no specific MITRE ATT&CK techniques, Casky's 754 security skills enable practitioners to detect the attack patterns this vulnerability enables: credential prediction attempts (T1110 Brute Force), initial access via SSH (T1021 Remote Services), and persistence establishment post-compromise. Using Claude AI's extended reasoning, Casky would identify anomalous SSH authentication patterns—such as multiple failed login attempts with predictable password characteristics or successful logins using weak credentials—that indicate exploitation. Practitioners reviewing Casky findings would observe suspicious authentication clustering around weak entropy indicators and be guided to prioritize patching BOSH-windows-stemcell-builder instances and rotating all SSH credentials generated by affected versions, cutting off attacker pathways before lateral movement occurs.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2026-47831. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation