CVE-2026-22734 - Vulnerability Analysis
High | CVSS: 8.6 | Last Updated: April 17, 2026
Cloud Foundry UAA - Authentication Bypass
Published: April 17, 2026 | Updated: April 17, 2026 | Remote Exploitable
Overview
Cloud Foundry UAA 77.30.0 to 78.7.0 and CF Deployment 48.7.0 to 54.14.0 contain an authentication bypass caused by acceptance of unsigned and unencrypted SAML 2.0 bearer assertions, which lets attackers obtain tokens for any user. Exploitation requires SAML 2.0 bearer assertions to be enabled.
Severity & Score
Severity: High
CVSS Score: 8.6
Impact
Attackers can obtain tokens for any user, gaining unauthorized access to protected systems.
Mitigation
Update UAA to a version later than 78.7.0 and CF Deployment to a version later than 54.14.0, or to the latest available versions.
Details
- CVE ID: CVE-2026-22734
- Severity: High
- CVSS Score: 8.6
- Type: broken_authentication
- Status: new
CWE
- CWE-290
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N