CVE-2026-40964

HIGH

Cloud Foundry log-cache_release <= v3.2.6 & CF Deployment <= v55.?.0 - JWT Authentication Bypass

Title source: llm

Description

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token. Affected versions: - log-cache_release: all versions through v3.2.6 (inclusive); fixed in v3.2.7 or later - CF Deployment: all versions through v55.?.0 (inclusive); fixed in v55.?.0 or later (bundles log-cache_release v3.2.7)

References (1)

Core 1

Core References

Various Sources

https://www.cloudfoundry.org/blog/cve-2026-40964-read-access-to-cf-logs/

Scores

CVSS v3 7.5

EPSS 0.0039

EPSS Percentile 30.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-287

Status published

Products (4)

Cloud Foundry Foundation/CF Deployment < 55.?.0

Cloud Foundry Foundation/CF Deployment 12.44.0 - 55.2.0

Cloud Foundry Foundation/log-cache_release < 3.2.6

Cloud Foundry Foundation/log-cache_release 2.7.0 - 3.2.6

Published Jun 01, 2026

Tracked Since Jun 02, 2026