Token Revocation Vulnerability in Cloudfoundry UAA and Deployment
CVE-2026-22723

6.5 MEDIUM

Key Information:

Status
Vendor
CVE Published: 5 March 2026

What is CVE-2026-22723?

A logic error in the token revocation endpoint implementation in Cloudfoundry UAA and Deployment can lead to inappropriate user token revocation. This vulnerability affects versions v77.30.0 to v78.7.0 of Cloudfoundry UAA and v48.7.0 to v54.10.0 of Cloudfoundry Deployment, potentially compromising user security and access control. Organizations using these versions should take immediate action to mitigate any risks associated with unauthorized access.

Affected Version(s)

UAA 77.30.0

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
