CVE-2026-22723

MEDIUM

Cloudfoundry UAA 77.30.0-78.7.0 - Auth Bypass

Title source: llm

Description

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.

References (1)

Core 1

Core References

Various Sources

https://www.cloudfoundry.org/blog/cve-2026-22723-uaa-user-token-revocation/

Scores

CVSS v3 6.5

EPSS 0.0022

EPSS Percentile 12.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-640 CWE-693

Status published

Products (4)

cloudfoundry/cf-deployment 48.7.0 - 54.11.0

cloudfoundry/uaa-release 77.30.0 - 78.8.0

Cloudfoundry Foundation/UAA 77.30.0 - v78.7.0

org.cloudfoundry.identity/cloudfoundry-identity-server 77.30.0 - 78.8.0Maven

Published Mar 05, 2026

Tracked Since Mar 06, 2026